The Australian government reinforced its dedication to safeguarding the nation’s cyber environment and critical infrastructure by declaring an additional 13 Systems of National Significance (SoNS). This initiative increases the total to over 220 assets across sectors such as energy, communications, transport, financial services and markets, food and grocery, and data storage or processing, all designated by the government.
“Cyber incidents are one of the fastest growing threats to our country – and that means it’s more important than ever to protect the critical infrastructure that Australians rely on every day,” Tony Burke, Australia’s Minister for Home Affairs and Cyber Security, said in a Monday media statement. “We are using all the tools at our disposal to improve our cyber security and the protection of our critical infrastructure, and listing Systems of National Significance is a part of that effort. I want to thank the owners and operators of Systems of National Significance for joining us as we uplift the cyber security of Australia’s critical infrastructure, making us amongst the most cyber secure nations in the world.”
Being declared a System of National Significance means the Australian government may apply a comprehensive set of enhanced cyber security obligations on owners and operators in relation to their assets, to better protect the Australian economy and all Australians. These obligations include developing incident response plans to prepare for a cyber incident, undertaking cyber security exercises to build cyber preparedness and carrying out assessments to identify and fix vulnerabilities. They also require owners and operators to provide system information to the Australian Signals Directorate (ASD) to develop and maintain a near-real time threat picture.
Systems of National Significance are privately declared under section 52B of the Security of Critical Infrastructure Act 2018. By declaring an asset as a SoNS, the Australian Government can apply a comprehensive set of enhanced cyber security obligations on owners and operators to uplift cyber resilience to better protect Australians. The list of Systems of National Significance is not released publicly to protect national security.
Hamish Hansford, deputy secretary for cyber and infrastructure security at Australia’s Department of Home Affairs, detailed that the Security of Critical Infrastructure Act 2018 outlines the 11 critical infrastructure sectors and then the 22 different types of critical infrastructure assets that make up those sectors. “SONS are a very, very small subset of these critical infrastructure assets that the Minister for Home Affairs has determined are of particular national significance. In other words, SONS are the really critical infrastructure assets that have a level of interdependence and would have disproportionate impacts on our society, economy, stability or security if an incident were to successful disrupt their operations.”
He added that “declaration of SONS is a way of calling out those critical infrastructure assets that are at the core the functioning of how we live. SONS are a focal point also for our engagement and big focus of effort for us. This includes through the application of Enhanced Cyber Security Obligations which can be asked of SONS.”
Hansford noted “Our approach is to have in place for each SONS the incident response plans to ensure that we are able to respond to an incident that relates to the operation of the system or a critical infrastructure incident. Equally, there will be emergent vulnerabilities or helpful exercises that can usefully be undertaken to understand and identify vulnerabilities or test response mechanisms.”
He added that finally, the provision of systems information to the Australian Cyber Security Centre may also help for the provision of better advisories and advice to mitigate against cyber attacks. “We view SONS and the associated Enhanced Cyber Security Obligations as a legal framework for collaboration, a focal point for our engagement, and an operational necessity given the global threat environment that we face. SONS are so critical to our nation not only for operating the essential service that they provide but underpin the essential fabric of our society, our economy or our security.”
Last November, the Australian Cyber and Infrastructure Security Centre (CISC) announced designation of 46 additional critical infrastructure assets as Systems of National Significance. The initiative is part of the Australian government’s ongoing efforts to enhance the cyber resilience of the nation’s vital infrastructure. With this latest declaration, the total number of such systems now exceeds 200, spanning sectors like energy,communications, transport, financial services, food and grocery, and data storage or processing. This collaboration between the government and businesses aims to strengthen national security.
