5 minute read

Collaborating cyber insights on Critical Infrastructure Act changes

By Chris Cubbage CISA, Editor

Despite a delay due to border closures, the inaugural South Australian Cyber Risk Meetup was held in Adelaide for the first time. The sold-out event, held at the National Wine Centre of Australia and overlooking Adelaide’s Botanical Gardens, was proudly held with SA AustCyber and ISACA Adelaide.

Partners, supporters, and the audience were rewarded with a robust panel session on the latest reform of the Security of Critical Infrastructure Act (SOCI Act). Gaye Deegan, Director, Joint Cyber Security Centre, Adelaide gave an important overview of the legislation and was then joined by Venu Annam, Manager, Cyber Security, Risk and Resilience, SA Water, Debi Ashenden, Joint Chair in Cybersecurity, DSTG-University of Adelaide and Alex Nehmy, Director, Industry 4.0 Strategy - APAC & Japan, Palo Alto Networks.

Skilfully moderated by AustCyber SA Node Manager and Principal Advisor Cyber Security & Risk with the Department for Innovation and Skills, Paula Oliver ensured the latest reform of the SOCI Act remained front and centre. With the SOCI Act being applied to 11 industry sectors as part of the reform, there was naturally strong audience interest and an energetic question time.

The panel discussed how cyber leaders and executives need to approach the reform, in particular given the threat landscape with the war in Ukraine. Also covered was what are some of the best practices that cybersecurity professionals can share and how will the rest of the industry respond in implementing the requirements, with the reporting regime of most concern.

For Paula Oliver, the highlight was to hear the theme of collaboration coming through the conversation. “That sense that we all have a role to play in assisting one another especially those sectors that are new to the scope, to help them with the requirements,” she said. “It makes you feel proud to be South Australian when you get such a strong sense of willingness to support and of community at those events.”

Ferrall Tirtadinata, WA/SA Meetup Chapter Lead and Business Solutions Director with Avertro confirmed the sense of collaboration. He said “the SOCI Act changes continue to be a hot topic in the cyber and risk community. The amount of industry involvement is a great indicator, but there were some definite gaps and language that needs to be ironed out. The insights from Gaye and Debi from their point of view were entertainingly succinct and informational, and the industry insights from Alex and Venu were a great roundup of the topic at hand.”

Alex Nehmy also noted the diverse perspectives offered by the panellists, bringing together industry, government, and academia. “The panellists agreed that cyber maturity across critical infrastructure needs to improve, however the varying maturity between sectors led to a healthy discussion on the scale of the challenge this legislation poses for many organisations,” he said. “My key takeaway is the central nature that risk management plays in this new regulation. Whether it's cyber, personnel, physical or supply chain risk, the need for a mature, all hazards approach to risk management is imperative. Maturing the risk management process is a no regrets activity that all critical infrastructure organisations can begin immediately.

The organisations that form the supply chain to critical infrastructure should start focussing on improving their cyber maturity and risk management processes too. Even though this legislation doesn't specifically apply to them, the regulated critical infrastructure entities will expect their key suppliers to demonstrate a minimum level of cyber maturity.

Organisations shouldn't have a singular focus on compliance with the legislation. The ultimate goal is an appropriately robust and resilient cyber posture for Australia's critical infrastructure and the level of cyber maturity should be commensurate to the risk faced, rather than meeting baseline compliance.”

In addition to the importance of this legislation and the impacts on industry, is also the importance of industry networking. Paula Oliver commented, “The past two years of the pandemic have left everyone feeling the fatigue from online meetings and events so it was great to be able to have the event face-toface after postponing in November 2021. The in-person events stimulate so much connectedness and organic conversations things just start happening and ideas flow. For example, from the networking after the event, one of SA’s cyber professionals volunteered to lead the SA cyber riskers chapter meet ups which is amazing! To be able to foster an environment bringing everyone together which sparks new activity and growth is such a rewarding feeling.

Farrell concluded, “I can't thank the team enough for bringing what's arguably already the most successful launch we've had in a while. The collaboration, effort and support from everyone involved were world-class and set such a high benchmark! Massive kudos goes out to Paula and Jasmine from the SA AustCyber Innovation Node for their support throughout. Big thanks to our esteemed panellists, as well as our sponsors Palo Alto Networks and AWS Adelaide - and lastly, to the Adelaide community for making the event such a success, we can't wait to bring in the next one!”

Gaye Deegan, Director, Joint Cyber Security Centre, Adelaide

This article is from: