Australia launches ambitious critical infrastructure protection plan

Published 4 October 2007

The Australian government joins with industry to launch a comprehensive program to improve national responsiveness to major critical infrastructure disruption

Australia is worried about the security of its critical infrastructure. Yesterday, Attorney-General Philip Ruddock and Defense Minister Brendan Nelson launched a critical infrastructure protection program to improve national responsiveness to major infrastructure outages. The Critical Infrastructure Protection Modeling and Assessment (CIPMA) program, a product of Geoscience Australia, the CSIRO and the attorney-general’s department, will examine the relationships and dependencies between critical infrastructure systems to demonstrate how failures in one sector affect other sector operations. The $20 million program collates operational data from the banking and finance, communications, energy, and water industries such as supply chain, distribution, and expenditure details, information on architectural design including machinery, and network vulnerabilities and dependencies. Greg Scott, technical development team leader for Geoscience Australia which is part of the Department of Industry, Tourism and Resources, said the CIPMA database will contain critical information normally siloed within organizations to build business resiliency and continuity. “The industries know their information better than anyone so we want to draw that data out so if a bush fire or cyclone causes outages, we can determine the cost, time and social impacts across other industries,” Scott said. “Its about vulnerability mitigation so we know where to build extra back-up and where weaknesses exist.”

If you want to go deeper: Some 4Tb of spatial data is stored across Environmental Systems Research Institute (ESRI) geospatial applications, run on Oracle servers with a Java environment and powered by a Spatial Data Engine (STE). System Dynamic Models, which examine stock and flow data in critical infrastructure such as network connectivity and the energy output of generators, creates an amalgamated output to be fed into a people, building, and infrastructure profile. Data is then broken down into demographic, economic and business profiles, and statistical divisions to create unique disruption footprints. An ASIO T4 approved security system was installed to protect stored data which includes highly secretive industry information entrusted to CIPAM by participants. “We need to ensure confidentiality of data because industry, such as the communications sector, cannot have data leaked to the public so we hold this as a top priority,” Scott said.

The program also allows industry to cut costs by examining supply chain data and manufacturing processes, which CIPAM deconstructs for use in its database. User requirements were drafted in June 2005 with the banking and finance, communications and energy industries, following a federal budget allocation of $20 million in 2004. CIPAM is now gathering data and knowledge from the water industry and will add additional sectors in the near future. Future program initiatives will provide insights on the behavior of complex networks, identify choke points and single points of failure, assess options for security investment, and test mitigation strategies and business continuity plans.