Private/Public Partnerships

Our critical infrastructure comprises all the physical facilities and ICT systems that could seriously impact on the nation's social or economic wellbeing, or diminish its ability to defend itself if destroyed, degraded or rendered unavailable for any great length of time. Critical infrastructure resides in many sectors of the economy, including banking and finance, transport and distribution, energy, utilities, health, food supply, manufacturing and communications, as well as key government services and national icons.

The Attorney-General's Department home page includes some sobering advice. "It is important to note that, while terrorism has assumed a higher profile in Australia's threat environment, it is not the only threat to critical infrastructure. Critical infrastructure can be damaged or destroyed by computer hackers, criminal activity, malicious damage, accidents and natural disasters. Our critical infrastructure has to be protected against all of these threats."

The government recognizes CIP depends on government and industry cooperating - even collaborating - when appropriate, to help reduce infrastructure security risks.

In November 2002 the Commonwealth government announced the formation of the Trusted Information Sharing Network (TISN) for critical infrastructure protection to allow the owners and operators of critical infrastructure to share information on important issues such as business continuity, consequence management, information systems attacks and vulnerabilities, e-crime, protection of key sites from attack or sabotage, chemical, biological and radiological threats to water and food supplies, and the identification and protection of offshore and maritime assets.

Infrastructure Assurance Advisory Groups (IAAGs) have been formed under the TISN for the communications, energy, banking and finance, food chain, health, water services and emergency services sectors. Further groups will be established as needed. Most IAAGs have now developed work plans for the development of risk mitigation strategies for their sectors.

As part of the TISN the Attorney-General's Department chairs the Critical Infrastructure Advisory Council (CIAC). The CIAC is made up of representatives from various sectors of critical infrastructure, plus a representative from each of the states and territories and relevant Commonwealth agencies. The main role for the CIAC will be on medium- to long-term issues focusing on preventative measures, rather than response arrangements for specific security incidents.

Little information is allowed to leak from the CIAC - participants are sworn to secrecy - but it seems there is very much still to be done. A 2004 report by the Swiss government, called "An Inventory and Analysis of Protection Policies in Fourteen Countries", detailed the scope of Australia's critical infrastructure components, from communications/telecommunications (phone, fax, Internet, cable, satellites and electronic mass communications), to manufacturing (defence industry, heavy industry and chemicals), to transport (air traffic control, road, sea, rail and inter-modal [cargo distribution centres]) and utilities (water, waste water and waste management), along with much in between.

"Technology is relied upon to operate, monitor and maintain these vast, exposed networks and the fragile information grids that underpin them," the report says. "In a big country such as Australia with a dispersed resource base, redundancy in distribution networks, and in the information systems upon which they depend, has been kept to a strict minimum due to cost pressures." As an example the report notes Australia's biggest city, Sydney, is dependent on three sources of power, not all of which are distributed through redundant networks with backup systems.

"A study of the power and communication distribution networks in the capital, Canberra, and their limited connections to the rest of the country, suggest that a terrorist attack against just three key sites could degrade (possibly severely) the functioning of federal government, including key agencies responsible for national security."

The report notes many of Australia's assets rely on the country's vulnerable National Information Infrastructure, and says any comprehensive risk assessment requires an evaluation of threats against the vulnerabilities identified. The first such study in Australia, undertaken in 1997 by the Strategic and Defence Studies Centre within Australian National University, assessed terrorism as the most likely form of threat against Australia's critical infrastructure and estimated that while the vulnerabilities were great, the threat at that time was low. Now, since our engagement in the war on terrorism and in Iraq, experts believe that threat is considerably higher.