Loading

    Critical Infrastructure Security Month 2025

    ​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​Critical Infrastructure Security Month 2025

    Critical Infrastructure Security Month (CISM) is here!

    CISM is a national month of focus and action dedicated to uplifting the security and resilience of critical infrastructure across Australia. The Critical Infrastructure Security Centre (CISC) will be delivering a range of initiatives and engagement opportunities to bring people together to discuss, learn and share best practice. Hear from industry and government representatives on their careers in critical infrastructure, tune in to one of the diverse presentations, read through informative guidance material and listen to insightful conversations throughout.

    This year’s CISM explores a different theme each week, focused on key risk areas. The theme for week one is Supply Chain Risk, week two is Enabling Services, week three is Cyber Threat Environment and week four is Personnel and Physical Security.

    CISM offers us all an opportunity to reflect on the shared partnerships that underpin our nation’s security and prosperity.​

    Hear from Head of National Security, Hamish Hansford as he talks about what’s in store and how you can join in to activities during CISM 2025.​

    Head of National Security, Hamish Hansford talks about what's on during CISM

    Welcome to the third annual Critical Infrastructure Security Month or CISM. This is a national month of focus and action dedicated to uplifting the security and resilience of critical infrastructure across Australia.

    So, critical infrastructure spans everything from the energy sector to transportation, telecommunications, education, water, healthcare and everything in between. This month is really about Australians having a chance to reflect on partnerships that underpin our shared security and prosperity. And so, each week this month, there will be a new theme.

    Week one will focus on the increasing threat of supply chain risk. Week two will be about enabling services. Week three we'll look at the cyber threat environment and week four we’ll look into personnel and physical security.

     Critical infrastructure is and will continue to be a really attractive target for cyber actors, cyber criminals, hacktivists and there's a whole bunch of large and sensitive data holdings that are really critical to underpin the Australian economy, and they're also a target.

    Cyber incidents remain one of the fastest growing threats to our nation, and things like inadvertent human error or system failures are proving to be just as disruptive as malicious activity. Progressively interconnected operational systems can send vulnerabilities that really underpin the functioning of infrastructure. If we don't properly understand and manage them, particularly understanding the growing interconnectivity, this can expose ourselves and particularly critical assets to more vulnerabilities and from other systems and platforms that then plug into infrastructure.

    Critical infrastructure operators really need to move beyond basic compliance-based models and really think about a holistic, risk-based approach to all security issues but particularly cyber security. Critical infrastructure entities should also look at technology and make sure that it's secure by design and particularly secure by default. And that'll really underpin the modern functioning of networks that then go through to protect data and systems.

    In this month, we'd really like to share with you some of the work that we're doing to safeguard infrastructure. We'll be delivering a range of initiatives and engagement opportunities really designed at bringing people together to discuss, learn and share what we think is best practice. Importantly, we'd also love to hear from industry representatives, and we'll bring a range of people in to chat about their careers in critical infrastructure. And there'll be some webinars as well. So, tune in to those. And finally, we'll be releasing some guidance materials and a new podcast.

    And in that light, we're really pleased to announce the release of the third edition of the Critical Infrastructure Annual Risk Review. The third review really looks at the breadth of security issues that faced critical infrastructure over the past 12 months. We've had really good feedback on this product in previous years, and it's really designed for a diverse audience across all levels of industry, governments and the broader community.

    For more information about what's on for this month or CISM, visit CISC.gov.au. Thanks so much.

    Head of National Security, Hamish Hansford wraps up CISM 2025

    Hamish Hansford

    As we wrap up another Critical Infrastructure Security Month, I really want to thank all participants, industry sectors and partners for our collective strong engagement throughout this whole month. This years’ Critical Infrastructure Security Month has also coincided with the Critical Five Principals meeting in Canberra and Sydney. So this is our partners from each of the Five Eyes, and this provided us an opportunity for not only international collaboration to look at how we think about shared security concern and awareness raising, but really to reaffirm a shared commitment to the security and the resilience of each of our different countries. 

    And this year's Critical Infrastructure Security Month explored a range of different themes each week. Week one about supply chain, week two about enabling services, week three about the cyber threat environment and week four regarding personnel and physical security. 

    And we saw, as I said, so many strong engagements across each of the different activities. And it really highlighted for me, collaboration is the way of the future and sharing the lessons across different sectors is the way to think about the security of our nation. 

    We particularly heard from industry representatives across so many different critical infrastructure sectors. We had a range of presentations on topics including on critical infrastructure modelling and analysis, subsea cables (those important cables that connect our country to the rest of the world), maritime cyber threat, security screening and so much more. We released guidance for owners and operators of critical infrastructure to manage evolving risk and to manage your collective obligations including the release of the Critical Infrastructure Annual Risk Review, the Energy Supply Chain Risk Factsheet and the Battery Energy Storage System Factsheet, the Registering a Critical Infrastructure Asset Guidance and the Critical Infrastructure Asset Registration Form Guidance.

    The Register of Critical Infrastructure Assets is really designed to provide a more detailed understanding of who owns and controls critical infrastructure in Australia. And the new guidance that we've released really will outline to you what information is required, why it's collected, and how it's being used to really strengthen our national security from an infrastructure perspective.

    Collaboration will be so central to how we work together to protect the security of Australia and importantly, the resilience of our infrastructure. And you can help through continued engagement with the Trusted Information Sharing Network. And the guidance that we've released this month will help to share and drive capability uplift and preparedness. And if you want more guidance, just tell us which guidance you need and what we can do to help you. 

    We look forward to continuing to bring together the owners and operators of critical infrastructure, peak bodies, academics, some of our subject matter experts, supply chain entities, to really understand how we can best plan, prepare and respond to critical infrastructure challenges and improve our resilience.

    Something to look out for next is the Critical Infrastructure Security Conference, which will be held on the 11th of March 2026 in Brisbane. 

    And the theme for this Conference will be Resilient Connections. The Conference, as many of you know, is designed to bring owners and operators from every state and territory across Australia together to talk about critical infrastructure security issues. It's a really great opportunity to continue our journey on building a community of best practice, which is looking to uplift all of the security of our infrastructure, because it's only together that we can strengthen critical infrastructure, our systems, our services and the people that work every single day on protecting our nation and running our critical infrastructure. 

    So finally, thank you for your involvement in making this year's Critical Infrastructure Security Month a success. And please support us by following us on LinkedIn or going to our website for more information at cisc.gov.au.

    Thank you. 

    ​​