Organisations covered by the Security of Critical Infrastructure Act (SOCI) will have their cyber security tested in regular exercises conducted by the federal government.
The move was announced yesterday by minister for home affairs and cyber security Clare O’Neil, in a speech given to the Australian Strategic Policy Institute (ASPI) in Sydney.
O’Neil said the government “will systematically and frequently exercise with entities covered under SOCI on a sectoral and cross-sectoral basis supported by the cyber and infrastructure security group in my department and led by the national cyber coordinator”.
She said the exercises “will build muscle memory in how to deal with a cyber attack”, and will include “the types of incidents we have not yet experienced on a national scale – such as a lock-up of critical infrastructure or integrity attacks on critical data.”
O’Neil pointed out that an attack on a single critical infrastructure could affect “potentially millions of Australians”.
The exercise series will be launched as soon as possible, because, O’Neil said, “this is something that should not wait for the [revised national cyber security] strategy to be completed to get started.”
Identity resilience also on the table
O’Neil also foreshadowed a refresh of “our national strategy for identity resilience”, to be conducted with state and territory governments.
The national digital ID system work being led by finance minister Katy Gallagher is part of that, with O’Neil saying it would “streamline transactions and reduce the need for companies to hold unnecessary data, and where they do hold personal data, ensure it has the highest level of protection.
“Ultimately, this is all about making Australian identities hard to steal and, if compromised, easy to restore," she said.