Critical infrastructure provides services that are essential for everyday life such as energy, food, water, transport, communications, and health.
'Resilience' in managing and operating critical infrastructure refers to:
- understanding and minimising risk
- maintaining service in the face of all-hazards
- responding rapidly to a crisis
- recovering quickly if service is disrupted.
It is not possible to foresee, mitigate or prevent all threat events and it is generally not cost effective to do so.
Critical infrastructure owners and operators should have:
- an all-hazards approach when looking at ‘how to be resilient’
- a context-specific understanding of risk, which weighs consequences and likelihood.
This understanding can help to develop and maintain resilient infrastructure in an increasingly connected, globalised and outsourced environment.
Critical infrastructure entities need to continually monitor growing national security threats that are increasingly dangerous and sophisticated. These threats include foreign interference, espionage and cyber breaches.
If any of these threats materialise, understanding and applying organisational resilience approaches can help critical infrastructure entities to cope with the consequences. Organisational resilience encourages organisations to be flexible to:
- prepare
- respond
- recover from threats.
This minimises the impact of disruptions and supports a swift return to normal operations.
Features of resilient infrastructure
You should:
- know your supply chain intimately
- use supply chain models
- identify and manage inherent supply change weaknesses to ensure built-in redundancy.
You should understand:
- how your infrastructure relies on other sectors
- how to comprehend and manage international dependencies
- business–government expectations and dependencies in decision-making and response.
You should:
- develop and exercise plans for continuity of critical services
- implement opportunities to improve resilience
- build resilience in people, teams, organisations and communities.
You should develop risk management strategies to:
- identify risk
- articulate risk
- eliminate risk
- minimise risk
- transfer risk
- avoid risk.
Using these strategies can lead to:
- service reliability
- sound and sustainable mutual-aid agreements to assist during disruptions
- rapid expansion of capacity during disruptions.
You should continually strive to access, review and understand:
- existing federal, state and territory government plans and legislation about owning and operating critical infrastructure
- information and intelligence products to inform your risk management strategies.
