I often get the question what is a System of National Significance or a SONS?
The Security of Critical Infrastructure Act 2018 outlines the 11 critical infrastructure sectors and then the 22 different type of critical infrastructure assets that make up those sectors.
SONS are a very, very small subset of these critical infrastructure assets that the Minister for Home Affairs has determined are of particular national significance.
In other words SONS are the really critical infrastructure assets that have a level of interdependence and would have disproportionate impacts on our society, economy, stability or security if an incident were to successful disrupt their operations.
Declaration of SONS is a way of calling out those critical infrastructure assets that are at the core the functioning of how we live.
SONS are a focal point also for our engagement and big focus of effort for us. This includes through the application of Enhanced Cyber Security Obligations which can be asked of SONS.
Our approach is to have in place for each SONS the incident response plans to ensure that we are able to respond to an incident that relates to the operation of the system or a critical infrastructure incident.
Equally, there will be emergent vulnerabilities or helpful exercises that can usefully be undertaken to understand and identify vulnerabilities or test response mechanisms.
Finally, the provision of systems information to the Australian Cyber Security Centre may also help for provision of better advisories and advice to mitigate against cyber attacks.
We view SONS and the associated Enhanced Cyber Security Obligations as a legal framework for collaboration, a focal point for our engagement and an operational necessity given the global threat environment that we face.
SONS are so critical to our nation not only for operating the essential service that they provide but underpin the essential fabric of our society, our economy or our security.
If you’d like to know more about SONS, please reach out to enquiries@cisc.gov.au.