Thinking

Organisations across Australia’s critical infrastructure sectors are increasingly reliant on global talent. Engineers, cyber specialists, data analysts, and technical experts are frequently sourced from overseas to address persistent skills shortages, or are rotated into the Australian subsidiary of a foreign-owned critical infrastructure asset. At the same time, the security environment facing critical infrastructure operators and […]

Workforce assurance in critical infrastructure series Executive Summary For Australia’s critical infrastructure entities, the greatest personnel security risks rarely arise at the point of hiring. They emerge later as access expands, responsibilities increase, pressures accumulate, and trust is tested over time. Workforce assurance, therefore, cannot stop at pre-employment screening. It must extend across the entire

Workforce assurance in critical infrastructure series Executive Summary Pre-employment screening is often treated as an administrative gateway: a set of standard checks applied uniformly to every role, regardless of consequence or risk embodied in the role. In Australia’s critical infrastructure environment, this approach is no longer adequate, and in some cases, it may even create

Workforce assurance in critical infrastructure series Executive Summary Workforce assurance is now a key national security capability for Australia’s critical infrastructure sectors. As the operating environment becomes more complex, the risks associated with trusted insiders, including employees, contractors and third-party personnel with legitimate access, are increasing. Many organisations continue to rely heavily on the AusCheck

Executive framing: why this distinction matters now As organisations subject to the Security of Critical Infrastructure Act 2018 (SOCI Act) continue to mature in their implementation of the Critical Infrastructure Risk Management Program (CIRMP), many Boards and executives are now asking a sensible question: “Are we compliant, and what does CIRMP maturity actually tell us?” Yet, before

In October – November 2025, I was invited to speak to groups on matters relating to Australia’s Security of Critical Infrastructure Act 2018 (SOCI Act).  I presented to representatives of the Australian superannuation industry, the Victorian transport industry sector, a cyber security conference, a critical infrastructure sector national conference, and a Department of Premier and Cabinet.  For all but

Introduction For many organisations, insider threat feels remote, something that happens elsewhere, under unusual circumstances, involving unusual people. That sense of distance is comforting. It taps into a well-documented psychological tendency in human nature: we assume that rare or uncomfortable risks are more likely to affect others than ourselves. This cognitive bias allows leaders to

A supply chain is only as strong as its weakest known link Australia’s critical infrastructure sectors depend on complex and interlinked supply chains that now sit at the centre of national resilience. This article describes an eight-step framework for risk-based supply chain mapping and categorisation aligned with theSecurity of Critical Infrastructure Act 2018 (SOCI Act) and its