SOCI Supply Chain Security Webinar: Critical Infrastructure Risk Management Program Requirements
Many critical infrastructure companies are reportedly experiencing increased uncertainty and volatility in the supply chain security environment.
On 28 February 2023, the Australian Cyber Collaboration Centre and Providence Consulting Group jointly hosted a webinar “Supply Chain Security as a Component of the Insider Risk Program”, featuring speakers from government and industry.
The webinar attracted a wide range of viewers from numerous sectors: Commonwealth and State government agencies; critical infrastructure sectors – data storage or processing, financial services and markets, water and sewerage sector, energy sector, transport, food and grocery, defence, space technology and higher education and research; and security professional services.
The event was well-timed given the 17 February 2023 commencement of the Security of Critical Infrastructure (SOCI) (Critical infrastructure risk management program) Rules 2023. Commencement of the Rules means that in six months, from 17 August 2023, critical infrastructure asset owners and operators must establish and comply with the Critical Infrastructure Risk Management Program (CIRMP) – they need to have a written Risk Management Plan and be in a position to report on the maturity and effectiveness of protective security by August 2024. That report must be endorsed by the entity’s board (or commensurate governing body) for submission to Home Affairs or the relevant Commonwealth regulator.
The event aimed to raise awareness for SOCI entities of the impacts of supply chain outsourcing and associated risks, as well as why supply chain operators are likely to become more of a target in the future.
The panellists shared their experience of integrating supply chain security into organisations’ broader security systems and highlighted the importance of multi-disciplinary governance and security culture in this process.
The panel agreed that supply chain security goes beyond cybersecurity. Technical solutions will not help if a supplier cannot spot a trusted insider who is enabled to exploit an entity’s data and information. Security education is key to a functioning and supportive workforce security culture: people are at the centre of managing supply chain security risk.
One of the main takeaways for the viewers was the importance of holistic, systematic and coordinated actions to mitigate the security risks and inform operational and investment decisions of their supply chain.
This webinar is part of a series of events, mounted by Providence, Home Affairs and partners, to provide insights and advice to SOCI entities on how to establish and maintain a Critical Infrastructure Risk Management Program and meet obligations of the SOCI Act. You can watch the recording of the webinar here.
Our next SOCI Webinar: Personnel Security and Critical Pathway to Insider Risk is scheduled for Wednesday, 5 April 2023, at 2:00-3:30pm (AEDT). Please register here.