“Foreign interference is no longer a hypothetical threat – it is active, evolving, and targeting the systems that underpin our nation’s security.” Mike Burgess, ASIO Director-General, 2025 Threat Assessment
According to the 2025 Annual Threat Assessment delivered by ASIO Director-General Mike Burgess, foreign interference and espionage are occurring at “extreme levels” and are “set to increase further”. The Director-General made it unequivocally clear: hostile state actors are actively working to penetrate Australian institutions, harass and intimidate residents, and undermine sovereignty.
For Australia’s critical infrastructure organisations – from water and energy utilities to airports, ports, communications networks, and data services – this warning has direct and urgent implications. These entities are custodians of the systems, critical assets, and information that underpin Australian national security, resilience, economic sovereignty, and defence readiness.
ASIO has confirmed that multiple foreign regimes are engaged in foreign interference operations in Australia. Some have gone as far as plotting physical harm against individuals residing here, including attempts to lure people overseas under false pretences to harm them. The scale and sophistication of these campaigns reflect a long-term strategic effort to subvert institutions, coerce individuals, and gain access to Australia’s critical infrastructure to cause harm through both direct and indirect means.
Importantly, these threats do not always resemble traditional espionage. ASIO warns that foreign interference is increasingly non-traditional and covert. It may be conducted through front companies, commercial partnerships, research collaborations, or diaspora community pressure. Foreign actors may seek to embed themselves within critical infrastructure supply chains or workforce structures using corporate fronts, academic programs, or undeclared affiliations – bypassing conventional detection mechanisms.
Foreign interference is not just a concern for security agencies. It is a boardroom issue, a governance challenge, and a strategic risk that must be actively managed across all levels of critical infrastructure entities.
In this article, Pentagram Advisory explores the relevance of foreign interference to Australia’s critical infrastructure sector and offers practical, proportionate solutions to help organisations detect, mitigate, and respond to this growing threat.
What is foreign interference?
Foreign interference refers to actions undertaken by, on behalf of, or in active collaboration with a foreign power. Those actions are clandestine, deceptive, coercive, or detrimental to Australia’s national interests. Unlike overt diplomacy or advocacy, which are legitimate activities, foreign interference is designed to operate in the shadows, to shape outcomes without public awareness, often in ways that violate sovereignty, democratic integrity, and individual rights.
According to the Australian Government’s Countering Foreign Interference in Australia strategy, these activities can include:
- threats to individuals, such as coercion, harassment, or intimidation
- undeclared manipulation of information, institutions, or systems
- espionage and unauthorised data exfiltration
- exploitation of commercial or academic partnerships to gain advantage
- attempts to disrupt or control infrastructure or democratic processes.
Foreign interference is a criminal offence under the Commonwealth Criminal Code Act 1995, punishable by up to 20 years’ imprisonment.
How is foreign influence different from foreign interference?
While the terms are sometimes used interchangeably in public discussion, there is an important legal and operational distinction between foreign interference and foreign influence.
Foreign influence refers to open and transparent efforts by governments, including the Australian Government, to shape global perspectives, build bilateral relationships, or advocate for policy positions. Legitimate examples include diplomatic engagement, cultural diplomacy, political lobbying, and international broadcasting, provided these activities are conducted in a respectful, lawful, and publicly declared manner.
By contrast, foreign interference crosses a critical line: it involves deceptive or coercive conduct, conceals foreign direction, and is carried out against Australia’s national interests. It may manipulate Australian individuals or institutions without their informed consent, and often seeks to evade scrutiny or bypass public debate.
Understanding this distinction is essential for critical infrastructure entities at risk. Being subject to foreign influence is a feature of global engagement. Being targeted by foreign interference, however, represents a direct threat to national security and demands a firm and coordinated response.
Understanding foreign interference in the critical infrastructure context
In the context of critical infrastructure, foreign interference may take many forms. State-backed actors may seek to recruit insiders through coercion or ideology, embed personnel via foreign partnerships or ownership structures, or exploit technical vulnerabilities in essential services. The infiltration of decision-making processes, access to sensitive personal or operational data, and manipulation of supply chains all serve strategic purposes for foreign governments.
Australia’s legislative response has evolved in recognition of this threat. The Security of Critical Infrastructure Act 2018 (SOCI Act), particularly following its 2021 and 2022 amendments, mandates entities to manage and report on a range of risks – including those stemming from personnel, supply chains, and cyber threats. Importantly, the Critical Infrastructure Risk Management Program framework requires responsible entities for critical infrastructure assets to assess and respond to threats that are not purely technical or procedural, but also human-driven and state-sponsored.
Why critical infrastructure is a high-value target
Critical infrastructure plays a focal role in Australia’s national security. These systems are attractive to foreign intelligence services not only because they contain sensitive data, control systems, and proprietary processes, but also for what they represent: opportunities for disruption, leverage, and strategic dominance over Australia.
Foreign actors may exploit legitimate business and academic research partnerships, secure front companies, or use third-party contractors and international secondees as pathways into Australian organisations. As ASIO has pointed out in past briefings, these actors are patient and persistent – cultivating influence over years if necessary. Critical infrastructure entities that operate across jurisdictions or rely heavily on international supply chains may unknowingly expose themselves to foreign state-owned enterprises or proxies acting on behalf of intelligence services.
Targeting of critical infrastructure entities is not only about gaining access, but also about shaping outcomes – influencing procurement decisions, internal policies, investments or strategic directions in ways that subtly favour foreign interests. That said, subtle influence is not the only option.
A foreign actor could be positioned to disrupt components of Australia’s critical infrastructure, such as a coordinated widespread disruption to electricity or telecommunications at the time an adversary launches an offensive or military act against Australia, to seriously impair efforts to detect and respond to such an act.
Addressing the challenge: What critical infrastructure entities can do
To effectively counter foreign interference, critical infrastructure entities must go beyond regulatory compliance and adopt a strategic, enterprise-wide approach to security. This means building security into leadership, culture, and decision-making – not just at the perimeter of IT systems.
First, organisations must develop a threat-aware security culture. An organisation must educate its employees, contractors, and third parties on what foreign interference looks like in practice – from unsolicited approaches or offers, to undue influence from overseas partners. Raising awareness of how individuals may be targeted, groomed, or coerced is essential to detecting early signs and promoting a “speak-up” security culture.
Second, insider threat mitigation must be prioritised as a core business function, not an afterthought. Prioritisation includes rigorous workforce screening – not just at recruitment, but throughout ongoing employment, especially in critical roles with access to sensitive operational, financial, or personal information. Dedicated insider threat programs that include behavioural monitoring tools, conflict of interest declarations, and proactive case management for at-risk individuals can reduce the likelihood of insiders being exploited by foreign actors.
Third, critical infrastructure entities must treat supply chain risk as an extension of foreign interference risk. Many foreign influence campaigns operate through opaque ownership structures, hidden beneficial interests, and influence over subcontractors or offshore providers. Organisations should assess supplier exposure, understand country-of-origin risk, and ensure their contractual arrangements allow for audits, data security obligations, and disengagement if a supplier is found to pose a security concern.
The supply chain component took on additional piquancy from April 2025 with the Trump administration’s erection of a tariff wall around the United States. These tariffs are assessed as highly likely to radically reshape the global rules-based trade arrangements set out in the aftermath of World War II and also the move to globalisation from the 1990s. With global trading in chaos many organisations will be obliged to seek new suppliers which will present vast new opportunities for foreign interference.
Strengthening due diligence for decision-makers
For critical infrastructure entities, strategic awareness must extend to partnerships, governance, and investment decisions. Board members, directors, executives, and procurement officers should adopt clear due diligence practices to identify and mitigate potential vectors of foreign interference.
The Department of Home Affairs recommends several checks that can help assess the risk profile of individuals and organisations within your supply chain:
- Check the Department of Foreign Affairs and Trade Consolidated List, which includes individuals and entities subject to Australia’s sanctions regime.
- Consult the Foreign Influence Transparency Scheme register to understand whether an individual or organisation has declared relationships with foreign governments or political organisations.
- Confirm the legitimacy and local registration status of companies through the Australian Business Register and the Australian Securities and Investments Commission.
- Examine company ownership and shareholding structures, including parent companies and silent partners, particularly when entering high-trust business relationships.
- Consider the level of access to systems, information, and technologies being granted as part of a partnership or investment, and ensure legal mechanisms exist to terminate agreements if risk thresholds are breached.
- Assess whether the legal regime of the company’s home country allows government or intelligence agencies to compel access to sensitive data, even from foreign-based partners.
These checks should form part of a standardised risk management approach for all critical infrastructure entities engaging in strategic partnerships or onboarding critical personnel and vendors.
The role of OSINT in countering foreign interference
Open Source Intelligence (OSINT) can be a powerful tool for identifying and managing the risks of foreign interference – particularly in relation to insider threat and supply chain assurance.
In the context of workforce screening, OSINT techniques can help verify claims of employment, education, and affiliations, and detect red flags that traditional background checks may miss. For example, public profiles, domain registrations, leaked data sources, and foreign-language media can help identify potential undeclared foreign ties, ideological alignments, or indicators of coercion.
In supply chain security, OSINT can support due diligence by uncovering links between suppliers and foreign governments or military entities, undisclosed mergers or acquisitions, or reputational concerns in other jurisdictions. It can also identify patterns of cyber activity, intellectual property theft, or coordinated influence operations targeting Australian sectors.
When used ethically and legally, OSINT enables critical infrastructure entities to make better-informed decisions about who they work with, who has access to their critical systems, and where their vulnerabilities lie. Combined with internal governance and external reporting obligations, OSINT can enhance CIRMP reviews and strengthen risk mitigation planning.
Reporting and collaboration
As ASIO and the Department of Home Affairs have repeatedly stated, government cannot manage this threat landscape alone. Critical infrastructure entities must play an active role in reporting and collaboration. It is in their interest to do so.
Suspicious approaches, coercive activity, or potential interference should be reported through secure channels such as the ASIO Notifiable Incidents, Threats or Reportable Observations (NITRO) portal or the National Security Hotline.
Critical infrastructure entities should also engage with the ACSC Partnership Program, which provides intelligence sharing, threat mitigation advice, and sector-specific resources.
Conclusion: moving from awareness to action
The threat of foreign interference is no longer emerging – it is entrenched. As ASIO has warned, it is pervasive, adaptive, and it targets the very systems on which Australians depend for their daily lives. For critical infrastructure entities, the question is not whether they are being targeted, but how well prepared they are to detect and respond.
Countering foreign interference requires more than firewalls and policies. It requires a security mindset embedded in leadership, a risk-informed culture at every level, and the ability to see beyond the obvious through using tools like OSINT and behavioural analysis.
By strengthening insider threat mitigation through dedicated programs, securing supply chains, and embracing proactive threat intelligence, Australia’s critical infrastructure sectors can play an important role in safeguarding national sovereignty, economic resilience, business continuity, and public trust.