Response to discussion paper
“Strengthening the national security of
Australia’s critical infrastructure”
Thank you for the opportunity to comment on the discussion paper “Strengthening the national
security of Australia’s critical infrastructure”, which was released publicly on
https://www.ag.gov.au/Consultations/Pages/Strengthening-the-national-security-of-australiascritical-infrastructure.aspx
Australia has been a thought leader in critical infrastructure protection since the launch of the
Trusted Information Sharing Network in 2002.
We offer the following thoughts to assist government consideration on this important issue.
A register of critical infrastructure will only be useful if it provides a current and complete
picture to assist national security decision-making. The threats from malicious actors have
been clearly identified, but there should be some additional references to the domain of natural and
accidental hazards.
Further we suggest that the complex network and interdependencies of transport systems should be
considered. While raw material suppliers such as oil and gas may be considered a subset, they too
should be part of the network of interrelated CI to be considered. Mapping these networks in detail
may assist in an assessment of hierarchy and interdependency.
Governments have considered the task at both state and federal level in the past and discounted it
because the effort to maintain such a register is significant. CI Registers in other countries have also
not been very successful. The Department of Defence, through the Defence Industry Security
Program, often struggles to maintain visibility of the defence infrastructure, let alone maintain a
detailed register. They have enhanced their approach by considering criticality of projects and sites
on a risk-assessed basis for rating for security and reporting, but it does not address the network
relationships.
The assessment of criticality will need to be carefully considered from a resilience perspective.
Fragility of complex societies such as ours is due to brittleness where seemingly small events or
decisions cause larger problems because there is a lack of adaptability in the system as a whole.
Reference could be made to the current standards work to provide some definitional guidance and
elements around key characteristics of resilience.
AGD should place significant effort to investigate a behavioural economy approach to the problem of
ensuring records are current and complete. Creating legal penalties for compliance and enforcing
them is expensive and time consuming and risks alienating critical infrastructure owners. AGD
should consider how to create strong incentives for organisations to participate in the register. As a
first step, AGD should consider what information could be obtained from other information sources
such as ASIC or the state/territory governments to make participation easier.
Ref: Main advantages and disadvantages of a register
Depending on how the register is designed, it could become the ‘source of truth’ to identify critical
infrastructure.
We see that there are several issues that would need to be surmounted in the design and
implementation of a register.
- Cost of implementation and maintenance, both for government and the economy more
  generally.
- Balancing the needs for confidentiality of the information in its aggregated form with the
  need for the integrity/accuracy and timeliness of the information it contained and
  availability of the information for maximum utility.
- Whilst we think of critical infrastructure as buildings or plants, much of the critical
  infrastructure is in fact ‘systems’ such as the food distribution network. Efforts to create
  registers of critical infrastructure have in the past skewed towards physical infrastructure
  and buildings. Consideration should be given to a graphical network centric model of the
  interrelationships. I would consider something along the lines of the representations used in
  the WEA 2016 Threat Assessment paper.
How will the register adapt to changes in the consideration of what is critical?
The Register needs to be dynamic and up to date and structured in such a way that at the “backend”
there will be automatic indications of changes that vary the risk assessment. Some identification
of understanding of key points of failure in the network/s will be critical.
Registration of foreign interests may require special relationships for governance and visibility of
operations as risk arises, on one hand, from state ownership of all or some components of an
enterprise, and on the other from global financial pressures on overseas owners whose primary
consideration is profitability.
Jason Brown
International Chair of ISO TC262 Risk Management.
Standards Australia Chair – MB 025 Security and Resilience.
National Security Director Thales Australia

Alex Webling
International Rapporteur on Resilience for ISO TC 292 Security and Resilience
Member of Standards Australia Board – MB 025 Security and Resilience
Director, Resilience Outcomes Australia Pty Ltd
www.resilienceoutcomes.com