The mass automation and digitisation of our most critical infrastructure prompts the need for effective cyber security. Politicians warn of a looming conflict, but it's not bombs that we need to worry about.
In every conflict scenario over the past 100 years, the first target has been the critical infrastructure that fuels the nation. When Darwin was bombed in 1942, the main objective was destroying the port to cripple the city's trade and defensive response.
In world conflicts today, we've seen nuclear and hydro plants, and electrical infrastructure that powers the grid the first targets.
Back on home soil and earlier this year, the Security Legislation Amendment (Critical Infrastructure Protection) Bill received royal assent, and so Australia's second round of amendments to the Security of Critical Infrastructure Act 2018 (SOCI) came into effect.
Our recognition for what is deemed critical infrastructure newly includes data centres - a symbol of our changed interests around national security, as well as technology's heightened role in our everyday lives.
Australia's data centres now have the weight of the Australian government behind it, and this increased closeness between the two will keenly encourage smarter action on issues of data protection and cyber security.
SOCI brings the Australian Signals Directorate (ASD) and private sector critical infrastructure closer than ever before.
Depending on their level of national significance, critical infrastructure providers are required to report to the ASD their assets, the security plans they have in place, information on any cyber incident that occurs, and risk mitigation plans.
This means data centres will have more scrutiny over who operates and owns them, where they are located, upping the measures in place to safeguard equipment.
Organisations in all sectors - be it government, retail, manufacturing, education, financial services, health, or transportation - cannot perform without data availability and data centres.
The onset of the pandemic, its economic implications, and the rise of remote working arrangements have pushed for the reliance on data and data centres more than ever. And when enough people depend on data, the more important it becomes to protect it.
While the recent legislative changes and increased government focus is a welcome initiative, organisations need to ensure they have the mechanisms in place to report and defend against attacks.
It's not just about implementing the newest and greatest bolt-on security products; it's about effectively managing the solutions companies already have and applying best practice at the foundation - the infrastructure level.
What does this look like? Applying robust monitoring and management frameworks, and in case of attack, an intelligent notifications and alerts system which enables immediate action.
Further, an effective back-up capability can ensure critical systems don't go down, creating instances of data loss or halting business entirely.
In recent years, the private sector has become just as vulnerable to data breaches that challenge national security as the public sector. As businesses do work for government and information trades hands, the opportunity for cracks increases.
The more we rely on something to remain secure, the more critical it becomes.
If and when Australia next faces conflict, it'll still be critical infrastructure that's hit first. But in the modern world, critical infrastructure isn't just pipes and ports.
Several joint cybersecurity advisories warn of the potential for managed service providers cyberattacks within and outside Ukraine. Australia has been flagged as a target for these malicious cyber actors.
So it comes as no surprise then the Australian government would seek to ensure the cyber defence of critical infrastructure and protect the operation of data centres.
What SOCI is conveying is that the new frontier of cyberwarfare is critical infrastructure, and its scope expands to protect the valuable information needed for Australia's continued operation.
SOCI will likely not be the last statutory authority to manage cyber threats. In the event of disaster, government and businesses need to be prepared to defend themselves.
Sign up for our newsletter to stay up to date.