SOCI Lights Fire Under SAGE 2022
SOCI Lights Fire Under SAGE 2022 – the expansion of Australia’s Security Of Critical Infrastructure Act from cyber security to cover the physical security of 11 key infrastructure sectors is likely to fire up proceedings at Security & Government Expo in Canberra, November 17.
Likely to be a speaker’s topic at the event, as well as the subject of much discussion, the expanded SOCI Act is designed to elevate the security and resilience of Australia’s critical infrastructure, keeping it safe from physical, supply chain, cyber and personnel threats.
The expanded SOCI Act applies to verticals including electricity, communications, data storage or processing, financial services and markets, water, health care and medical, higher education and research, food and grocery, transport, space technology, and defence industry
SOCI is end-to-end and it’s loose enough and pointy enough to apply to procedures, hardware, software, supply chain, supporting utilities and security staff skills and training, with responsibility for meeting the Act potentially resting on security consultants, security integrators, security managers, senior managers, company directors, and more.
SOCI is described as encapsulating 3 security obligations that can be ‘activated’ at different times for different asset classes. The third of these obligations is the trick – it requires adoption, maintenance and compliance with a risk management program that “identifies and mitigates material risks to critical infrastructure assets”. Clearly obligation number 3 can’t simply be ‘activated’. As security managers well know, you can’t turn on systems and procedures that don’t exist.
What this means is that SOCI’s third obligation is going to drive target hardening of critical infrastructure, re-assessment of the security at key facilities, upgrades brought forward and a re-evaluation of some assets whose security it’s been possible to ignore. Complicating matters, the SOCI Act’s end-to-end nature means its demands will leach into the standards of critical infrastructure providers at every layer – including security providers.
#SEN #SENnews #security #electronics