Cyber attacks on the state’s critical infrastructure could result in closures of the state’s rail, water supply, electricity networks, and ports. Closure of key infrastructure would disrupt trade and a range of services, resulting in economic losses for the state and inconvenience for the public.

Given the potential threat to critical infrastructure sectors, the Australia Cyber Security Centre (ACSC) strongly encouraged Australian organisations to review its advice and investigate their networks for signs of potential malicious activity.

Audit Objective

This audit will examine whether relevant entities are effectively managing their critical infrastructure cyber security risks, including whether they:

  • understand and assess the extent to which their information assets and organisational processes are exposed to cyber security risks
  • design and implement effective information controls to mitigate identified cyber security risks.

It may also consider whether these entities are meeting their reporting obligations relating to cyber security management under the Security of Critical Infrastructure Act 2018 (Cth).

Who we might audit
  • Department of Transport and Main Roads (as the department responsible for digital services)
  • selected public sector entities, including government owned corporations.
Area of focus
Technology risk and opportunities
Parliamentary Committee
Clean Economy Jobs, Resources and Transport Committee
Planned
Anticipated tabling: to be advised