Critical Infrastructure Protection Page 1 of 4

You are here: Home » National security and counter-terrorism » Critical Infrastructure Protection

Critical Infrastructure Protection

Australia’s critical infrastructure is important to our national security. To read more about national security go
to the National Security web site.

„ What is critical infrastructure?

„ Who owns Australia’s critical infrastructure?
„ What is critical infrastructure protection?
„ What is the threat to critical infrastructure?
„ Who is responsible for protecting critical infrastructure?
„ How is Australia’s critical infrastructure being protected?
„ The Trusted Information Sharing Network for Critical Infrastructure Protection
„ What is the National Information Infrastructure?
„ What do Computer Emergency Response Teams do?
„ Other programs

What is critical infrastructure?

‘Critical infrastructure’ can mean different things to different people. To the Australian Government it means:

those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or
rendered unavailable for an extended period, would adversely impact on the social or economic well-being of the nation or affect
Australia’s ability to ensure national security.

Examples of critical infrastructure that all Australians rely on include essential services like power, water, health
services, communications systems and banking.

Who owns Australia’s critical infrastructure?

In some parts of Australia, up to 90 per cent of critical infrastructure is privately owned or operated on a
commercial basis. Other critical infrastructure may be owned by the Australian Government or State and
Territory governments.

What is critical infrastructure protection?

A number of existing strategies, plans and procedures that deal with preventing, preparing for, responding to
and recovering from disasters and emergencies come together to protect critical infrastructure. These include:

„ law enforcement and crime prevention

„ counter-terrorism
„ national security and defence
„ emergency management
„ business continuity planning

http://www.ag.gov.au/www/agd/agd.nsf/Page/Nationalsecurity_CriticalInfrastructurePro... 7/3/2008
Critical Infrastructure Protection Page 2 of 4

„ protective security
„ e-security
„ natural disaster planning and preparedness
„ risk management
„ professional networking, and
„ market regulation, planning and infrastructure development.

What is the threat to critical infrastructure?

The Government believes terrorism is a real threat to Australia’s critical infrastructure. Other things, like
cyclones, fires and accidents can also damage or destroy critical infrastructure. The Government therefore
believes that arrangements for protecting critical infrastructure needs to cover ‘all hazards’.
If a disaster damages or destroys part of Australia’s critical infrastructure we need to get it up and running again
as quickly as possible. The Australian Government is working with critical infrastructure owners and operators
to make sure Australia’s vital services are suitably protected and, if they are damaged, that they can be restored
quickly.
Who is responsible for protecting critical infrastructure?

The responsibility for protecting critical infrastructure is shared between critical infrastructure owners and
operators, the Commonwealth and State and Territory governments.

How is Australia’s critical infrastructure being protected?

As with most businesses, those who own or run critical infrastructure know the best way to protect it, how to
manage an incident and how to get things up and running again.
While the Government believes that regulations are not the best way to protect all types of critical
infrastructure in some areas regulations are needed for special reasons. For example, in the transport industry
regulations are needed so Australia can meet international obligations.
The Trusted Information Sharing Network for Critical Infrastructure Protection

The Trusted Information Sharing Network for Critical Infrastructure Protection is one way that businesses and
governments work together to protect critical infrastructure.

A diagram of the network

What does the network do?

The Trusted Information Sharing Network for Critical Infrastructure Protection, commonly called ‘the TISN’,
is a forum where critical infrastructure owners and operators work together by sharing information on security
issues.
Who belongs to the network?
The network’s members include businesses, State and Territory government agencies and Commonwealth
government agencies that are concerned with protecting critical infrastructure.

Industry Groups
There are nine groups for different industries. These are:

„ banking and finance
„ communications
„ emergency services
„ energy

http://www.ag.gov.au/www/agd/agd.nsf/Page/Nationalsecurity_CriticalInfrastructurePro... 7/3/2008
Critical Infrastructure Protection Page 3 of 4

„ food chain
„ health
„ mass gatherings
„ transport, and
„ water services.

These groups are called ‘Infrastructure Assurance Advisory Groups’.

More information about the different industry groups 

Advisory Council
The Critical Infrastructure Advisory Council oversees the work done by the industry groups. It is made up of
delegates from each of the industry groups, State and Territory governments, the National Counter-Terrorism
Committee and Australian Government agencies concerned with critical infrastructure.
The Council reports to the Attorney-General and links into Australia’s counter-terrorism arrangements.
Critical Infrastructure Advisory Council  

Expert advice
There are two Expert Advisory Groups that give the Critical Infrastructure Advisory Council advice on special
matters. They are:

„ the IT Security Expert Advisory Group, and

„ the CIP Futures Expert Advisory Group.

Other Expert Advisory Groups are formed from time to time to consider specific issues.

Expert Advisory Groups

What is the National Information Infrastructure?

The communication networks that Australia relies on make up the National Information Infrastructure. These
include data, telephone and computer networks.

National Information Infrastructure

What do Computer Emergency Response Teams do?

The Computer Security Incident Response Teams and the Computer Security Incident Readiness Team, both
usually called ‘CSIRTs’, play an important role in keeping computer systems safe. There are CSIRTs in many
countries which work together to protect computer systems.
At the national level, Australia has an Australian Government computer emergency readiness team
(GovCERT.au) and a non-government computer emergency response team (AusCERT).

GovCERT.au—Australian Government Computer Emergency Readiness Team

GovCERT.au was established by the Australian Government to provide Australian critical infrastructure, and
other identified businesses, with specific advice on computer security preparedness and readiness. It is also the
Australian Government’s point of contact for foreign governments on CERT and computer security issues of
national interest.

Specifically, GovCERT.au:

„ coordinates enquiries from foreign governments about cyber-security issues that affect Australia’s

http://www.ag.gov.au/www/agd/agd.nsf/Page/Nationalsecurity_CriticalInfrastructurePro... 7/3/2008
Critical Infrastructure Protection Page 4 of 4

critical infrastructure and the economy more broadly

„ passes on specific computer security information to Australian critical infrastructure owners and
operators, and
„ develops and coordinates the Australian Government’s policy on how to prepare for, respond to, and
recover from, computer emergencies.

Importantly, GovCERT.au does not handle day-to-day computer incidents, but works with AusCERT and
others to secure Australia’s information infrastructure.
More information about GovCERT.au
AusCERT—Australian Computer Emergency Response Team
AusCERT is a not-for-profit organisation located at the University of Queensland and is the national
Computer Emergency Response Team for Australia and a leading CERT in the Asia – Pacific region. As a
trusted Australian contact within a worldwide network of computer security experts, AusCERT provides
computer incident prevention and response and mitigation strategies for members on a subscription basis.
AusCERT’s web site

Other programs

Computer Network Vulnerability Assessment Program

The Computer Network Vulnerability Assessment Program is a grants program for critical infrastructure
owners and operators that helps them check the security of their computer networks, including any associated
physical and personnel security issues.

Computer Vulnerability Assessment Program fact sheet

Critical Infrastructure Protection Modelling and Analysis Program

The Critical Infrastructure Protection Modelling and Analysis Program shows how different parts of Australia’s
critical infrastructure rely on each other. It can also show in detail what the consequences would be if a piece of
critical infrastructure fails.
Critical Infrastructure Protection Modelling and Analysis Program fact sheet

Date Created: Thursday, 7 December 2006

Last Modified: Monday, 7 January 2008
Authorised By: Branch Head, Critical Infrastructure Protection Branch
Maintainer: Critical Infrastructure Protection Branch

http://www.ag.gov.au/www/agd/agd.nsf/Page/Nationalsecurity_CriticalInfrastructurePro... 7/3/2008