Article

Executive Summary Pre-employment screening is often treated as an administrative gateway: a set of standard checks applied uniformly to every role, regardless of consequence or risk embodied in the role. In Australia’s critical infrastructure environment, this approach is no longer adequate, and in some cases, it may even create new vulnerabilities. Importantly, most organisations already […]

Article 1: Workforce assurance in critical infrastructure series Executive Summary Workforce assurance is now a key national security capability for Australia’s critical infrastructure sectors. As the operating environment becomes more complex, the risks associated with trusted insiders, including employees, contractors and third-party personnel with legitimate access, are increasing. Many organisations continue to rely heavily on the

Executive framing: why this distinction matters now As organisations subject to the Security of Critical Infrastructure Act 2018 (SOCI Act) continue to mature in their implementation of the Critical Infrastructure Risk Management Program (CIRMP), many Boards and executives are now asking a sensible question: “Are we compliant, and what does CIRMP maturity actually tell us?” Yet, before

In October – November 2025, I was invited to speak to groups on matters relating to Australia’s Security of Critical Infrastructure Act 2018 (SOCI Act).  I presented to representatives of the Australian superannuation industry, the Victorian transport industry sector, a cyber security conference, a critical infrastructure sector national conference, and a Department of Premier and Cabinet.  For all but

Introduction For many organisations, insider threat feels remote, something that happens elsewhere, under unusual circumstances, involving unusual people. That sense of distance is comforting. It taps into a well-documented psychological tendency in human nature: we assume that rare or uncomfortable risks are more likely to affect others than ourselves. This cognitive bias allows leaders to

A supply chain is only as strong as its weakest known link Australia’s critical infrastructure sectors depend on complex and interlinked supply chains that now sit at the centre of national resilience. This article describes an eight-step framework for risk-based supply chain mapping and categorisation aligned with theSecurity of Critical Infrastructure Act 2018 (SOCI Act) and its

The challenge of identifying critical workers Across Australia’s critical infrastructure sectors, one of the most persistent challenges in implementing the Security of Critical Infrastructure Act 2018 (SOCI) and its subordinate Rules has been identifying and managing critical workers – those individuals whose absence, compromise, or misconduct could disrupt essential services or cause significant harm to the operations of