As the Australian financial year 2023-2024 concludes, the nation’s Cyber and Infrastructure Security Centre (CISC) announced that the Critical Infrastructure Risk Management Program (CIRMP) Annual Report will be open from July 1 to Sept. 28, 2024. This should be done using the Responsible Entity Risk Management Program – Annual Report Form. Moreover, the responsible entity will have to develop, implement, manage, and maintain a cybersecurity framework before Aug. 17, 2024, under Section 8 of the Security of Critical Infrastructure (SOCI) CIRMP Rules.

The development is part of the Australian government’s commitment to ensure that their digital products and services can be trusted as being safe, secure, and fit for purpose. The government is deeply committed to the safety, security, and functionality of digital services and products. Failures in technology can be easily manipulated in the digital sphere and can lead to problems of mistrust by the public. 

Currently, a lot of digital products do not have appropriate security against consumers and businesses, despite technological advancement being in place. Therefore, rapidly growing cyber threats present the need for international cooperation in OT (operational technology) and ICS (industrial control system) cybersecurity to respond to evolving threats. 

Strengthening global cooperation and security

As critical infrastructure systems are a priority target of cyber-attacks, global cooperation becomes all the more necessary to mitigate the risks satisfactorily. Intelligence, best practices, and new technologies developed in various countries can bring improved security standards to OT and ICS environments. International treaties and public-private partnerships can help to work out closer collaboration that enables countries to respond quickly enough and appropriately to cyber threats. Countries can work in collaboration to strengthen defenses against cyber-attacks. 

Products without built-in security can present vulnerabilities that malicious actors can easily exploit, potentially undermining public trust in technology, as many digital products do not have security standards built in by design, or turned on by default.  As a result, consumers and businesses can be offered less secure products and services, with insufficient expertise to manage the risk.

Australia has several complementary mechanisms to ensure digital products are secure by design and by default, such as the Protective Security Policy Framework (PSPF) and the Security of Critical Infrastructure Act 2018. Further work is being pursued under the 2023-2030 Australian Cyber Security Strategy to increase the cyber resilience of all technologies, including in IT, OT, and ICS environments.

The Australian government evidently continues to consider tailored action to ensure the cybersecurity of devices used in OT and ICS environments, including lessons and approaches from international partners.

International collaboration and learning 

“Assuring the cyber security of all technologies, including those used in OT and ICS environments, is a joint priority for Australia and our international partners,” a spokesperson from Australia’s Department of Home Affairs, told Industrial Cyber. “We recognize the economic costs that businesses can face in uplifting the resilience of their digital products and services, and international alignment of policies and regulation is a key tool in reducing this burden.”

The spokesperson added that increased inter-jurisdictional consistency of security settings for technologies has enabled a better collective response to the evolving cyber threat landscape.

Public and private sector collaboration 

Collaboration between the public and private sectors is important in enhancing the country’s cybersecurity posture. Governments work together with industry partners in sharing information, developing best practices, and providing close coordination of responses in case of cyber incidents. This kind of collaborative approach will ensure that both sectors are on the same page moving forward in protecting Australia’s digital infrastructure.

The spokesperson said that Australia has a close relationship with its international partners, while also collaborating with them to share approaches and lessons learned.

“Cyber operates in a space without borders. Australia relies on a close operational relationship with our international partners to share critical information, enhance incident response, and enable effective recovery,” according to the Department of Home Affairs spokesperson. “We have found the close international collaboration seen in aviation safety activities has been an effective model for our efforts.”

Harmonizing Regulation and Policy 

Before the rise of the digital economy, policymaking afforded more grace in tailoring settings to the unique contexts of each jurisdiction. The interconnected nature of today’s digital world requires a different approach. 

“Each jurisdiction has their own legislative, regulatory, economic, and cultural landscape to navigate when considering the right settings to secure technologies,” the Department of Home Affairs spokesperson mentioned. “While we are committed to working with our partners to harmonize regulation, our first commitment will always be to ensure our legislative settings are fit-for-purpose for the unique Australian context.”

Emerging technologies and their impact 

Emerging technologies have shaped and reshaped the ways that Australians interact in Australia’s digital economy, the spokesperson mentioned. “Australia is closely monitoring the benefits and challenges that emerging technologies, such as artificial intelligence and quantum computation, will pose to IT, OT, and ICS environments. We rely on dialogue and collaboration within the cohort of world leaders on these technologies to ensure we remain agile and responsive to the rapid technological advancements in these fields.”

Focus on harmonizing regulation and policy 

The spokesperson outlined that before the rise of the digital economy, policymaking afforded more grace in tailoring settings to the unique contexts of each jurisdiction.

“We have now seen how cyber operates in a space without borders, with little regard to the idiosyncrasies of each jurisdiction’s legislative, economic, and cultural environments,” according to the spokesperson. “All countries internationally have become aware of these novel issues and are working collaboratively to consider alternate ways of policymaking that allow for alignment and clarity across borders.”

Clearly, the Australian government is committed to ensuring that digital products and services are safe and secure to further strengthen and safeguard the country’s digital infrastructure. Filling the inbuilt security gaps, capitalizing on complementary mechanisms, and implementing tailored actions for OT and ICS environments will bolster Australia’s cybersecurity resilience. In the process, it fosters a continued public trust in technology for a safe digital future for all in Australia through better collaboration and capacity-building.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.