Cyber attacks on the state’s critical infrastructure could result in closures of the state’s rail, water supply, electricity networks, and ports. Closure of key infrastructure would disrupt trade and a range of services, resulting in economic losses for the state. It could cause significant inconvenience for the public and cause major risks to safety and security.

Given the potential threat to critical infrastructure sectors, the Australian Cyber Security Centre has strongly encouraged Australian organisations to investigate their networks for signs of potential malicious activity.

Who we plan to audit
  • selected public sector entities, including government owned corporations.

Other entities who may form part of this audit include:

  • Department of Customer Services, Open Data and Small and Family Business
  • Queensland Treasury.
Audit Objective

In this audit, we will examine whether selected entities are effectively managing their critical infrastructure cyber security risks. This will include whether they:

  • understand and assess the extent to which their information assets and organisational processes are exposed to cyber security risks (to understand potential entry points for cyber attacks)
  • design and implement effective information controls to mitigate identified cyber security risks.

We may also consider whether these entities are meeting their reporting obligations relating to cyber security management under the Security of Critical Infrastructure Act 2018 (Cth).

Area of focus
Digital
Parliamentary Committee
Local Government, Small Business and Customer Service Committee
Planned
Anticipated tabling: to be advised
Contribute now