Securing our critical infrastructure against crisis and threat

Critical infrastructure is the central nervous system of our economy. When it breaks down, so too do the systems that power, feed, connect, and transport us.

The threat of such breakdown has never been more apparent. Climate change-related disasters are exposing our infrastructure to more regular and systemic stress. All the while, state actors seek to disrupt and subvert Australia's critical infrastructure, especially via cyber means. Our infrastructure has become a prime target in grey zone activities that aim to weaken and coerce us, but which deliberately fall below the threshold of conflict.

A comprehensive, all-hazards approach to securing our critical infrastructure is therefore urgently needed. Building on the risk management framework legislated in 2018, and updated in 2021, we will:

Strengthen Positive Security Obligations and Enhanced Cyber Security Obligations for critical infrastructure entities. Specifically, we will mandate compliance by all designated entities with ASD's Essential Eight mitigation strategies. Further, to ensure Australia's critical infrastructure entities are prepared to withstand a worst-case climate change scenario, we will require that all risk management programs under the updated PSO take account of climate risk consistent with 4 degrees' warming. We will also look to extend the scope of entities subject to these obligations.

Support industry in meeting its security obligations. To do so, Australia will increase funding to the Australian Cyber Security Centre, via ASD. Increased funding will better equip the ACSC to help relevant entities develop and implement incident response plans, identify and report breaches and weaknesses in a timely manner, and test systems in simulated incidents. It will also support ASD's broader work in monitoring and responding to cyber threats against critical infrastructure.

Screen vendors and investors. Consistent with the stance taken on 5G, Australia will continue to block high-risk vendors and investors from systems of national significance. We will propose legislation as needed to ensure that relevant ministers remain appropriately empowered to exclude actors that may compromise critical infrastructure.

Protect critical infrastructure against natural hazards. A priority reform in this regard will be to mandate climate and disaster-resilient design standards for new infrastructure. These standards will be developed in consultation with industry, and assistance will be provided to operators looking to upgrade existing infrastructure to meet the new requirements.

Bolster grid reliability in the context of the energy transition. To do so, we will devote greater federal funding towards the modernisation of existing transmission infrastructure; the construction of new interconnectors, especially those that build greater redundancy into the network; and new generation and dispatchable storage capacity. We note AEMO's critical and complementary work in preparing Australia's grid to handle a 100% penetration of renewables by 2025.

Boost our capacity to repair damaged subsea cables. The prospect of waiting weeks for foreign ships to repair breaks in critical subsea energy cables, whether domestic interconnectors or planned export links, is untenable. Likewise, given Australia's reliance on access to international fibre-optic networks, we cannot afford to sustain lengthy disconnections in the event that vital communications cables are cut. For these reasons, Australia will seek to acquire a permanent, nationally flagged cable repair ship capability.