Australia’s Critical Infrastructure Faces Rising Insider Cyber Threats Amid SOCI Reforms
An invite-only panel in Melbourne recently discussed the reforms of the Security of Critical Infrastructure Act (SOCI) 2018. The event, hosted by the Australian Cyber Collaboration Centre and its members, attracted around 200 guests in-person and online. Hamish Hansford, Head of Cyber and Infrastructure Security Centre at Home Affairs, contributed to the panel.
The panel supported a preventative approach to protective security, including 'teachable moments'. This comes as cyber breaches reach an all-time high, with insider threats posing a significant risk to critical infrastructure. Insider threat incidents have increased by 44% in frequency and cost over the past two years, with 56% resulting from negligence.
Panelists agreed that cultural change from the CEO down is needed to manage insider risk effectively. The draft Risk Management Program Rules require certain critical infrastructure asset owners and operators to uplift personnel security and mitigate insider risk. Protecting critical infrastructure is essential for preventing power outages due to cybersecurity breaches. The Australian Cyber Collaboration Centre plans to host another panel in March 2023 to review progress and share insights.
The panel discussion on SOCI 2018 reforms highlighted the growing threat of insider incidents and the need for cultural change and improved personnel security. The upcoming panel in March aims to further address these issues and share progress made in protecting critical infrastructure.
