Be prepared for critical infrastructure reforms

John Powell

Principal Security Consultant


The last two years has seen a steady increase in malicious cyber activity targeted at Australian organisations. Particularly concerning is the attempt to infiltrate ‘critical infrastructure’.    

In consultation with Australian industry, the Department of Home Affairs has developed one of the most significant and wide-ranging pieces of security legislation to be mandated locally.

It extends the scope of ‘critical infrastructure’ to eleven sectors whilst also introducing new cyber security obligations and reporting requirements.

So, what is ‘critical infrastructure’?

It applies to organisations in the following sectors:

  • Communications
  • Data storage and processing
  • Financial services and markets
  • Water and sewerage
  • Energy
  • Health care and medical
  • Higher education and research
  • Food and grocery
  • Transport
  • Space technology
  • Defence

If you’re looking at the list above and realising you’re now classed as ‘critical infrastructure’, join the club. Telstra is on the list too.

What does this enhanced regulatory framework look like?

Critical infrastructure operators are now responsible for identifying and managing risks. Operators of systems of national significance have additional responsibilities in order to prepare and respond to cyber attacks.

Key changes include:

  • New reporting and notification obligations - Cyber security incidents which have a ‘significant impact’ must be reported to the Australian Signals Directorate (ASD) within 12 hours.
  • Information security management system development – introduces a standards compliant framework for managing cyber security.
  • An incident response plan (for systems of national significance) – updated and maintained annually.
  • Cyber security exercises and vulnerability assessments (for systems of national significance) – may be requested to be reported to Home Affairs.

Why Telstra?

As a critical infrastructure operator, Telstra is living this journey. We have been monitoring these changes to help make sure the security of our network is suitable to mitigate the risks we face. As part of the larger Telstra team, Telstra Purple has been monitoring these changes as well and checking the requirements in the legislation with the services we offer.

So, if you’re facing these new changes with some trepidation, not quite knowing where to start, Telstra Purple can help. We’re trusted to help ensure business continuity and protection for major Australian organisations, from banking and finance to defence operations. This is founded on decades of experience in the protection of our national communications network and a proven track record for managing core networks for our customers. 

Where do I start?

Get informed: Telstra Purple gives you access to 300 security experts who can deliver the right service.

Get organised: If there are gaps in your security, Telstra Purple has the security tools to help solve the problem. Unlike many other consultants, our tool kit backs up advice with technology, so we can offer solutions such as Cyber Detection and Response, using Security Operations Centres based in Australia, and more, depending on what your organisation needs.

Get help: Most organisations will need help to develop a robust information security management system (ISMS). Telstra Purple has the experience and capability to help you build an ISMS that is right for your organisation.

For organisations that operate systems of national significance, Telstra Purple provides:

  • Incident Response (IR) Readiness Assessments to facilitate a clear understanding of your organisation’s current incident response capability and areas that can be improved.
  • Vulnerability assessments to highlight detected software code and configuration weaknesses.
  • Cyber exercises to test your protection and response plans across all the organisation including HR, communications (internal and external), finance and legal, auditing/compliance, and the board.

Leverage the skill of Telstra Purple and the experience of Telstra to help you deal with the cyber security measures under the Security of Critical Infrastructure Act.

Make a real difference Speak to an expert