Introduction and Executive Summary
Global Shield Australia welcomes the Department of Home Affairs’ (the Department) proposed enhancements to the Critical Infrastructure Risk Management Program (CIRMP) rules1 and the opportunity to provide a submission on the proposed changes.
Global Shield Australia is a non-profit policy advocacy organisation dedicated to reducing global catastrophic risk. We support governments to enact and effectively implement policies that prevent and prepare for all forms of risk, including in relation to critical infrastructure.
The Department’s proposed enhanced CIRMP rules will help safeguard Australia’s critical infrastructure against new and evolving sources of risk. Global Shield Australia is particularly supportive of the proposals to:
(a) Require entities to map their supply chains and critical systems to identify critical vulnerabilities and minimise or eliminate related material risks.2 The proposed coverage of physical and digital (or cyber) supply chains, including AI supply chains, will be key to ensuring the effectiveness of this enhancement, along with clear guidance and support for industry on how this should be done.
(b) Enable the Departmentto require entities to consider specified risk advice from government, identify whether there is a material risk for their asset, and minimise or eliminate that risk as far as reasonably practicable.3 This will help formalise the relevance and application of Australian Government determinations and directions, and ensure entities are integrating these into their risk management considerations. (c) Identify and introduce cyber and information hazard material risks into the CIRMP rules to ensure entities integrate these into their consideration and planning.4 This is an important recognition of the changing nature of the key material risks facing Australia’s critical infrastructure entities.
