Prologue
Australian media reported in May 2025 that the leader of Australia’s Transport Workers Union (TWU) is prepared to “shut down Australian transport” in pursuit of union claims. TWU leader Michael Kaine said that the TWU must seize on Labor’s 2025 election victory to undertake the “largest co-ordinated industrial campaign” in the transport sector’s history. Kaine listed companies that the TWU will target, including through use of “positive militancy”.
Kaine is, in the vernacular of risk management, a ‘credible threat’ to the transport sector because he has the intent and capability to cause harm to transport sector entities and hence to harm all those people and enterprises that rely on Australia’s transport sector services.
Of the many consequences that may stem from Kaine’s threat, for both the targeted businesses and Australia’s broader social and economic wellbeing, it is people that will suffer the harms that Kaine’s “positive militancy” may inflict. And the timing of Kaine’s threat is interesting given Australian Commonwealth legislation of March 2025 which brings new security obligations for owners and operators of critical infrastructure in the Australian transport sectors, including the obligation to significantly enhance the security of their assets and operations for the first time in over 20 years. Enhanced personnel security is central to this security uplift.
Should TWU members bring “positive militancy” into workplaces across the transport sector where TWU members represent less than 20% of workers, then the risk posed by TWU members acting as insider threats is real and requires mitigation. There are solutions available to uplift the security of assets and operations, and of the security of people who enable these, to help mitigate the harms that the TWU is threatening to bring.
The Nature of the Threat
Australian media of 17 May 2025 reported, front page, that the leader of Australia’s Transport Workers Union (TWU) is prepared to “shut down Australian transport” in pursuit of union claims on pay and conditions. TWU leader Michael Kaine said that the TWU must seize on Labor’s 2025 federal election victory to undertake the “largest co-ordinated industrial campaign” in the sector’s history. Kaine said the union needed to capitalise on federal Labor’s re-election, which he says is a “decisive mandate” to end what he claims are employers’ destructive practices that cause death and carnage on the roads, and to give workers enhanced pay and conditions.
Kaine explained that the TWU had planned, over the last eight years, to have over 200 transport sector enterprise agreements expire in 2026 for the purpose of maximising the bargaining power of transport sector workers to take industrial action concurrently across the transport sectors in support of TWU claims on behalf of its members.
Kaine said that the companies targeted by the TWU will include Aldi, Amazon, Boral, Cleanaway, K&S Freighters, Linfox, Qantas, Qube Logistics, Toll, and Virgin Australia. Kaine also said that, in targeting companies, he intended the TWU would engage in “positive militancy” by recasting what “strong unionism” is.
The aviation sector, especially airport operators, were identified by Kaine as a key target. Kaine warned “To those industry players who believe they can continue exploiting transport workers, reconsider your position. You’re about to encounter unprecedented solidarity and determination from this workforce.”
What might we take away from Michael Kaine’s comments?
Foremost, Kaine is making a threat. He is making a threat to employers and entities in the transport sector and, by extension, threatening all people in Australia. Kaine is threatening the job security of the employees and the contractors. He is threatening the owners and shareholders of transport entities. He is threatening disruption and damage to millions of people in Australia (and overseas) who rely on Australia’s transport sector for their daily commute, livelihood, domestic and overseas travel, and supply of everyday essentials including food and medicines. Kaine is threatening to harm Australia’s national wellbeing and Australia’s ability to defend itself.
Kaine says that this threat to “shut down Australian transport” has been planned for almost a decade. He says that Australia’s re-elected Labor government has a “decisive mandate” to take actions in support of the TWU’s objectives, notwithstanding these actions were not made explicit in the policies that the Labor Party took to the May 2025 federal election.
An alternative view to Kaine’s asserted “decisive mandate” is that whilst that election resulted in a victory for the Labor Party with a record 94 seats in the House of Representatives, that result was achieved on a primary vote of 35%, which does not really afford Labor a “decisive mandate”. Rather, the result was more of a rejection of what the Coalition opposition offered voters. The majority of Australians did not vote directly for a Labor government and hence there is no “decisive mandate” won by Labor.
Kaine’s style of remarks and attitude are not new but rather are standard rhetoric for many unions. Historically, in the field of social science, the conflict between labour (in this case TWU) and capital (transport sector owners and operators) refers to the ongoing power struggle and potential exploitation that arises within a capitalist system, which is Australia’s economic model. This conflict stems from the inherent tension between capital owners, who seek to maximise profits, and workers, who seek to improve their wages and working conditions. Marxist theories emphasise this conflict as a central dynamic of capitalist societies. Nothing new here in Kaine’s objectives, rhetoric, or tactics. He is working in the interests of TWU members that he has been selected to represent. Kaine is apparently unconcerned about anyone outside the TWU, or its enablers.
Union Power versus National Interest
The conflict between capital and labour is not solely economic; it also involves political, social, and ideological dimensions. Labour movements often challenge the existing power structures and advocate for social justice, which is the TWU’s approach to transport sector owners and operators. Kaine’s threats and tactics are about more than pay and conditions for TWU members. He is asserting that the Labor government is the power structure and he wants to deploy Labor’s power over the term of the next parliament to secure gains for the TWU’s constituency.
As Michael Stutchbury wrote in the Australian Financial Review on 24 May 2025 about the Australian Labor Party, “Labor remains controlled by organised labour even though trade union coverage has collapsed.” Reinforcing Stutchbury’s point, Julia Gillard, as Prime Minister, said that Labor is a collectivist “labour” party, not a social democratic party, recognising the Labor party distributes power and patronage through parliamentary preselection, ministerial appointments, and other appointments. So Kaine’s comments align with the TWU’s (and the broader union movement’s) influence over the Australian Labor Party and showcase his expectation that the Labor Party will act to benefit TWU members.
Stutchbury went on to comment about the significance of the unions in Australia’s employment landscape: “That’s even though the unions’ coverage of the workforce has collapsed from 50 percent in the 1970s to 13.7 percent – and just 7.9 percent in the private sector.” And “The typical unionist today is a female public sector worker. The four most unionised industries are education, public administration, healthcare, and social assistance.”
Significance of the TWU in the Australian Economy
How significant is the TWU in the Australian labour market?
The TWU has about 57,000 members (2023 figure). The government Australian Infrastructure and Transport Yearbook 2024 (published January 2025) records around 300,000 people working in the transport sector, so the TWU represents the interests of about one-sixth (17%) of the people employed in the sector. Australia’s workforce is about 15 million, of which the TWU represents about 0.004% of Australia’s workers, or about 0.002% of Australia’s population. It’s clear the TWU speaks for a small minority of workers across the transport sector.
This analysis is not presented to demean the TWU in particular, or unions in general. Unions and guilds have played highly important roles, from the industrial revolution in 1760 onwards, in improving safety, pay, working hours, and conditions for workers. However, whilst the TWU has the right to pursue benefits and protections for its members, it does not act in a vacuum and has no more ‘rights’ than any other party. TWU members are not superior to their fellow Australian citizens. Rather, the TWU’s threats and actions, perhaps in the form of “positive militancy”, affect non-union workers, people, customers, businesses, and impinge on broader issues such as national security and Australia’s reputation across the world.
If the TWU has the legal right to act, if the TWU asserts a moral right to act, then the people and entities the TWU is threatening to act against have the right to protect their interests from TWU actions – it’s a two-way street.
If the TWU, having advertised its intent to threaten Australia and its citizens in 2026 to “shut down Australian transport” in pursuit of union claims, causes disruption in the transports sector what might the companies and their employees targeted by the TWU do in anticipation of this threat?
The Legislative Landscape
Australian companies operating with a unionised workforce, and subcontractors who are subject to militant union behaviour, have experience and deep understanding of the industrial relations reality of dealing with militant unions. Militant and unlawful union behaviours are evidenced by the Construction, Forestry, Maritime, Mining and Energy Union (CFMEU) which was placed under Commonwealth administration in 2024, and by the Federated Ship Painters and Dockers Union which was de-registered in 1993 due to criminal activity and minimal membership. I have no advice to offer on industrial relations. My focus is to explore how the effected transport sector companies might protect themselves from people-based threats stemming from the foreshadowed TWU campaign in light of a change in March 2025 to the critical infrastructure operating environment, noting that the transport sector is covered by Australia’s Security of Critical Infrastructure Act 2018 (SOCI Act).
The Transport Security Amendment (Security of Australia’s Transport Sector) Act 2025 (TSA Act) became law on 27 March 2025.
The purpose of the TSA Act is to uplift and enhance the security framework embodied in the Aviation Transport Security Act 2004 (or ATSA) and the Maritime Transport and Offshore Facilities Security Act 2003 (or MTOFSA), which cover many transport sector entities. The TSA Act aligns ATSA and MTOFSA in both function and intent with the Australian Government’s commitment to protecting Australia’s critical infrastructure as set out in the SOCI Act and related legislation.
Key elements of the TSA Act include amendments to either or both ATSA and MTOFSA to:
- amend the definition of ‘unlawful interference’ to capture a broader variety of acts, including cyber security incidents, and attempts as well as successful acts
- impose reporting requirements for cyber security incidents
- provide for the introduction of ‘all-hazards’ security obligations into both legislative schemes, by authorising regulations to be made relating to security programs and plans, minimum security standards that must be met, security assessments and annual reporting
- broaden and align provisions across both ATSA and MTOFSA for the issuance of security directions by the Department of Home Affairs
- amend definitions of ‘port’ and ‘security regulated port’ to ensure that security regulation includes infrastructure, operations, assets and anchorages as part of port facilities.
All-hazards Risk Management – Personnel Security
The most significant evolution in the TSA Act is the move from the early 2000s ATSA and MTOFSA focus on granting people access to zones at a site and on cyber security as forms of security risk management to a new all-encompassing risk-based approach labelled ‘all-hazards’ which aligns with Australia’s SOCI legislation.
The ‘all-hazards’ approach for transport sector entities is based on security principles and risk management, which is a significant change to the compliance approach that had been required under ATSA and MTOFSA over the last two decades. The new approach requires security risk management and mitigation of a broader spectrum of risks and comprises five areas:
- physical security
- cyber security
- supply chain security
- natural hazards
- personnel security
Of most relevance for the entities targeted by the TWU is the revised personnel security hazard.
Personnel security is an existing obligation under the transport security legislative frameworks, but the TSA Act will add personnel security obligations. The TSA Act Explanatory Memorandum (page 51, paragraph 344)provides the following description of personnel security that will apply to all transport sector entities subject to the legislation.
- Personnel with access to systems, data or premises may pose insider threat risks including fraud, theft, espionage, infrastructure sabotage and misuse of sensitive data. This includes personnel such as employees, owners, operators, contractors, and subcontractors. In the transport sector, there has been a risk of issue-motivated disruptions perpetrated by insider personnel. Issue motivated groups can create disruptions through cyberspace and via non-violent protests, as well as serious and organised crime groups concealing illicit commodities from authorities while in transit.
From the legislative advice above, owners and operators of transport sector entities which fall under the TSA Act and ATSA or MTOFSA will be required to mitigate insider threats.
An insider threat is defined as a person who uses their legitimate access to workplace assets or operations to cause harm to those assets or operations. Another way to describe it is a trusted insider harming the organisation that has chosen to invest trust in them.
Also, the description of personnel security lists some of the actions an insider threat may undertake, but there are many more actions, including workplace bullying or physical coercion, all of which are unlawful.
It is noteworthy that the TSA Act ‘personnel security’ description makes mention of issue motivated groups. The TWU is an issue motivated group, the motivating issue being to press for benefits they want provided by employers, carrying on the conflict between capital and labour.
What does the TSA Act mean for transport sector asset owners and operators subject to the TSA Act?
Let’s start with considering company directors.
A guide to the consequences of the TSA Act that directors should be mindful of is provided by Australian Securities and Investment Commission Chair Joe Longo who has said that directors are responsible, perhaps personally responsible, to mitigate foreseeable risks. Whilst Longo’s comment was focused on cyber security risks, the statement is true for all risks that directors are obligated to manage. The threat posed by the TWU to Australia’s transport sector in 2026 has been made public and so directors have a foreseeable threat to mitigate. Also, under the TSA Act directors will need to make an annual formal attestation to the regulator that there is an appropriate risk management program in place, which is operating effectively, to protect the critical infrastructure assets and operations covered by Commonwealth legislation.
Understanding Insider Threats
What about managers and leaders?
For transport sector entity managers and leaders, they will need to consider establishing and operating the mechanism needed to manage and mitigate insider threat, this is known as an ‘insider threat program’.
An insider threat program is designed to enable secure operation of critical assets by educating and supporting people with legitimate access to an enterprise on how to protect themselves, the assets, and the organisation from an array of people-based threats, including ways to confidentially report their concerns about other people for formal review. This approach includes identifying aberrant behaviour in the workplace, or related to the workplace, so that the employing entity can determine if a person’s behaviour may be harmful, or is being harmful, to the entity employing them. All this is delivered by legal means aligned to the principles of workplace health and safety, workforce integrity, privacy, and enterprise security.
Some people consider an insider threat program as a negative, as a security ‘stick’, as infringing on a person’s rights, or as spying on colleagues. An insider threat program is none of those things. Rather, an insider threat program builds on shared interests and common purpose to foster a safe and secure workplace, enabling the successful operation of the enterprise which in turn maintains employment, nourishes people, grows wealth, and contributes to Australia’s economic wellbeing and national security. An insider threat program enables people and managers to identify aberrant behaviour in the workplace and then to do something about it. Not all aberrant behaviour is insider threat behaviour, but all aberrant behaviour needs to be identified and assessed. The insider threat team works to understand behaviour.
Legal and Ethical Responsibilities of Directors and Managers
Trusted insiders – that is employees and contractors – who become insider threats almost always have one key feature, they do not start work with the intention to be an insider threat, and so they can be ‘saved’ from becoming an insider threat with the right intervention if their aberrant behaviour is noted and acted upon.
The best approach to an insider threat program is to communicate to people that its purpose is to benefit the workforce and organisation and, as much as is possible, to identify people who are on the path to becoming an insider threat and saving them from that outcome, which is good for the person, their colleagues, and for the organisation.
Specifically, in the case of TWU members who might participate in the threatened “positive militancy” to “shut down Australian transport” how would an insider threat program operate?
In the SOCI legislation the term ‘critical worker’ identifies people in positions which are critical to the operation of the critical asset. These people, these critical workers, warrant particular scrutiny as their workplace behaviour can pose a high risk to the secure operation of the asset. The other (non-critical) people in the organisation are also subject to an insider threat program but treated differently because their behaviour is not assessed as likely to have a significant impact on the operation of the asset. However, they could still cause harm to the organisation so their behaviour is relevant.
Understanding people in the workforce in terms of their motivations, usual behaviours, and noting changed behaviours is key to an insider threat program.
Bearing these points in mind, it is an obligation on transport sector enterprises to understand the behaviour of their workforce such that acceptable workplace behaviour is made clear to all employees and contractors who have legitimate access to assets and operations. Once acceptable behaviours are made clear then aberrant behaviour is both detectable and can be legitimately and legally examined. Aberrant behaviour includes unlawful behaviour.
Mitigating the Threat: The Role of Insider Threat Programs
How to manage people-based threats posed by the TWU?
Kaine’s threats suggest the possibility of unlawful behaviours by TWU members, perhaps under the guise of “positive militancy” against the assets and operations of the critical infrastructure transport sector, noting that people are a very valuable asset. Kaine is threatening people who are not TWU members.
What sort of aberrant or unlawful behaviour in the workplace might transport sector managers and workers be on the lookout for? Unlawful behaviours include theft of equipment, sabotage of assets and operations, unauthorised access to IT and OT systems, enabling or conducting cyberattack, unauthorised release of information, espionage, bullying and harassment, inflicting psychosocial harms, and physical assault.
This insider threat program approach does not ‘target’ TWU members in the workplace. Because insider threat programs seek to identify aberrant behaviour in the workplace it needs to consider the causes of behaviour. In many cases insider threat behaviour is driven by external factors such as personal bereavement, financial stress, relationship failure, addictions such as gambling or alcohol, or by an external driver such as membership of an issue motivated group or recruitment by criminals or foreign intelligence services.
Being a TWU member, in this context, is not a basis for disqualification from or discrimination in a workplace but rather informs the people responsible to protect the entity that a person, who is a TWU member, may be subject to drivers or influences to act in the workplace in a way that may cause harm. Being a union member is not a risk. However, behaviours driven by group ideology, when those behaviours become harmful or unlawful, may constitute insider threat behaviour. The response to such behaviour needs to be legal and proportionate, focused on the behaviour, not on the beliefs and affiliations. An employer, armed with this insight via an insider threat program, is enabled to intervene and hopefully stop the person from undertaking an insider threat act. This approach can save the entity, its people, and the insider from harm.
To mitigate the foreseeable threat to the 83% of people employed in the transport sector from the 17% who are TWU members, the boards and managers of transport sector entities are obliged to act to mitigate the threat, to manage the foreseeable risks as ASIC’s Joe Longo says.
What might transport sector entities do to prepare for this foreseeable threat?
Aligned with the SOCI Act Critical Infrastructure Risk Management Program (or CIRMP):
- complete an enterprise security risk assessment to identify critical assets and operations
- noting the particular threat vectors posed by the TWU, assess all assets and operations for vulnerability to the type of threat actions the TWU may undertake
- identify critical workers, noting critical workers who are TWU members and the critical workers who are not TWU members
- determine the level of risk to assets and operations and which of these, based on the entity’s risk appetite, require risk mitigation and to what level
- under the TSA Act all hazards approach, the best mitigation for personnel threats is an insider threat program
- insider threat programs operate best as a component of an enterprise Trusted Workforce Program, so consider the entity’s overall approach to personnel security as part of all-encompassing enterprise security
- establish an ICT-based insider threat detection capability which works in harmony with the human-based insider threat program.
Conclusion
Managing the threat posed by the TWU is possible however, as the TWU is doing, requires planning and time to establish and operate to meet the objective.
In acknowledging the TWU has the legal right to act for the benefit of its members then the people and entities the TWU is threatening to act against have the commensurate legal right to protect themselves and their interests.
In anticipating that an industrial relations conflict will arise, that element of conflict will be addressed by interaction between the TWU, employers, the courts, and the federal government. However, the issue of threats to the assets and operations of individual transport sector entities must also be recognised and addressed, given a foreseeable threat exists in the context of historical union unlawful and coercive militant actions.
People are assets that need to be protected from such harms. All employers are legally obliged to protect their employees from foreseeable harms. The TWU has given notice of its intentions and so transport sector asset owners and operators must decide how they might act and what they need to prepare for.
The TSA Act, building on ATSA and MTOFSA and bringing alignment with the SOCI legislation, means that the majority of owners and operators of transport sector assets in 2026 will be obliged to act to mitigate the risks posed by the TWU to transport sector operations which all Australians rely on every day. In this scenario we can see the TWU, as 0.002% of Australia’s population, posturing to threaten more than 99% of the population and harm Australia’s economy and security.
In Australia the law permits the TWU to act and threaten in this way, but it also permits the 99% to act in lawful ways to protect their interests. An insider threat program enables lawful and proportionate action to identify and mitigate people-based threats in the workplace and therefore should be explored by transport sector entities now given the new and emerging TSA Act obligations and the foreseeable threat posed by the TWU. Now is the time for Australia’s transport sector leaders to act decisively – in the national interest.