In September 2020 the OCSC and the OCSC CMM Ambassador team responded to the Australian Department of Home Affairs call for submissions on Protecting Critical Infrastructure and Systems of National Significance. With the underlying theme of ‘defining the new frontier’ The OCSC’s submission provided snippets of OCSC’s collective cybersecurity multi-dimensional subject matter expertise, their thoughts and various recommendations on actions and solutions.
Protecting what is critical to Australia’s sovereignty requires looking beyond our own borders to include our neighbours and partners. Setting clear parameters on what defines critical infrastructure and what constitutes effective national security governance must be considered at a national and international level. Our submission provides specifically researched and referenced examples of where frameworks, definitional aspects and enhance information sharing could assist the government to achieve this objective. A starting point as articulated in our response to Question 24 would be to conduct a Cybersecurity Capacity Maturity Model for Nations (CMM) review for Australia to assess the technical and non-technical dimensions of Australia’s critical infrastructure assets related to cybersecurity, with a view to build an evidence base, independent from government and industry, around best-practice responses to advanced and persistent threats. This would add to the intentions of the Critical Infrastructure Program for Modelling and Analysis (CIPMA) and would provide the necessary research, threat, data and risk analysis required to provide a more detailed depiction of the threat environment and subsequently contribute to better policy outcomes.
Read the full published submission.
In November 2020 the OCSC responded to the Australian Department of Home Affairs call for submissions on Critical Technology Supply Chain Principles. OCSC’s subject matter experts, Carsten Rudolph, Iqbal Gondal and James Boorman addressed and informed various questions posed:
Governments need to play an important role in addressing the security of supply chain systems for critical processes such as critical technology and food security. However, it is not clear what the Government considers to be critical technology. It will be important to develop a clear definition with criteria and examples for determining what is considered critical technology. This definition should involve widespread consultation, though care must be taken to avoid an all encompassing definition which loses focus on protecting what is important. An unnecessarily strict regulation of supply chains stifles innovation and limits the ability of organisations to compete on a global scale.
Read the full submission.