What is Critical Infrastructure Protection?
The term Critical Infrastructure Protection (CIP) relates to the systematic and pragmatic approach to the protection of assets, supply chains and networks whose unavailability would have a significant detrimental impact on the security of Australia or the social and economic wellbeing of its people.
CIP examines threats & possible attacks against the critical assets of a country. It provides a helicopter of what measures can be taken, what measures are effective, & what possible counter attacks can be used in the successful deployment of protecting critical assets and the resumption of operations following an incident.
There are national, territory and state-based guidelines and frameworks for the protection of Critical Infrastructure (CI) geared to provide a framework for a national and consistent approach for the protection of CI assets. Although they primarily are designed to focus on the protection from terrorism, the guidelines recognise that treatment for CI assets will depend on the individual assessment and criticality of the asset, the security posture and profile for the asset
or relevant sector. Terrorism is but one of many threats which CI needs to be protected from. Another threat is the current environment where organisations are impacted by the global pandemic of COVID-19. As such the responsibility for the continuity of critical infrastructure is shared by all governments and by owners and operators alike.
Further to this the Australian Government has developed the Trusted Information Sharing Network (TISN) for critical infrastructure resilience. This provides and environment where owners, operators and Government can work together to share information on security related issues affecting CI assets and the continuity of operations associated with all threats.
This Strategy has a strong focus on developing partnerships, and illustrates the commitment of the Australian Government to working with owners and operators and state and territory Governments to achieve complementary and mutually beneficial outcomes.
Why protect Critical Infrastructure?
What is being protected is not always the infrastructure itself but the services it provides. Therefore CIP involves a range of strategies with the objective of protecting not only the physical Infrastructure, but all assets that are deemed Critical in the sense that we could not do without them. Or at the very least the disruption to their services would make life difficult, or affect our national security. A number of these strategies include protective security, crime prevention, business continuity and risk management, and emergency management. An asset could be deemed critical when the services it provides are vital to a state or the nation as a whole.
The list of infrastructures and services that are generally considered critical include, public health, transportation, defence, telecommunications, banking and finance, agriculture, food, water, power, government services and emergency services.
Understanding where the real threat lies
An understanding where the major threats will come from is imperative when determining what needs to be protected and why. Once this has been defined appropriate plans and measures can be implemented to resume operations post incident.
While events such as the 9/11 attacks on the World Trade Centre and the Pentagon, and the attacks on the London Underground Railway system in the UK all targeted aspects of what we term CI. Some may question that we are overplaying terrorism (perhaps out of hype or fear) and underplaying the danger of other threats including COVID-19 or Mother Nature? The reality is that each of these threats call out for a CIP and associated response mechanisms.
The question is which areas should we devote more time, effort and finance towards, man made threats such as terrorism, civil war, issue motivated groups and so forth, or natural threats such as earthquake, flooding, fires, cyclone, drought etc.? The answer may not be as simple as one may assume, however one thing is certain and that is all such incidents must be considered in order to provide a holistic and coordinated approach to CIP.
Emergency Management and Response
The importance of CIP transcends the traditional safety and security regimes, and therefore a shift in the traditional mindset to incorporate a balanced and coordinated approach to not only focus on the protection of the assets themselves but how can we manage, respond to and recover from such incidents is needed. These actions and tasks refer to deliberate activities that are undertaken in advance of an incident to develop operational capabilities to facilitate an effective response.
Large scale CI threats will take their lead from the global context, however it behoves us to do our bit minimise the effect by being prepared as much as possible.
As a result business continuity of critical infrastructure looks at not only how we deal with incidents, but also the effect any disruption or loss may have. BC provides identification and consensus on criticality of the asset and supply chains as a whole rather than focusing on just how we deal with the incident in isolation.
Challenges
There are many challenges associated with the protection of CI assets and can often include
limited security awareness, lack of acceptance or understanding of security requirements. Or even where a person’s perspective may mistakenly adopt the line that security is not required at all. Within Australia more than 90% of CI is owned privately, which is certainly a challenge when determining who will protect, pay and respond to incidents around CI.
Summary
Enhancing capability for prevention, recovery and response relating to incidents against CI is not an easy task. Apathy against CIP will need to change, as advances in technology and changes to internal governance requirements highlight that a dynamic approach is required. These factors only increase the argument that a coordinated approach is imperative to make sure that when an incident occurs owners, operators and Australia as a nation can prepare, prevent, respond and recover quickly and with as little impact or exposure as possible.
