Critical industries – obligations and possibilities

In November 2021 the Australian Government released the Critical Technology Supply Chain
Principles. This a voluntary code to:

“… support businesses of all sizes securely and confidently adopt and develop the
critical technologies that will drive Australia’s economic recovery and future growth”

These critical technologies include, for example: 

The Honorable Karen Andrews, Minister for Home Affairs, said:

 “These principles come at a vital time – both for Australia and for our critical industries. We
face unprecedented threats from a range of malicious cyber actors, growing geo-strategic uncertainty, and are increasingly reliant on technologies that can be hacked, held to ransom, or otherwise disrupted,”

In December, the Security Legislation Amendment (Critical Infrastructure) Bill passed Parliament. This law is mandatory, not voluntary, and requires organisations in a wide range of sectors to report to Government if they suffer a breach, and allow the Government to access their networks as a ‘last resort’ in order to respond.

The sectors included are communications, financial services, data storage and processing, defence industry, higher education and space technology.

The Supply Chain Principles are available on the Home Affairs website, and the very first Principle is:

​Understand what needs to be protected, why it needs to be protected, and how it can be protected.

The Government and its advisory groups has recognised that (secure) AI technology like Castlepoint is the best way to achieve this. The ‘security pillar’ is that organisations should ensure they are making decisions that build-in security from the ground up. Without knowing your own data, and knowing its inherent risk, these decisions can never be evidence-based.

Castlepoint tells you what you have where it is, and who is doing what to it. But it goes further to show what data has risk, and what has value – and what rules apply to the data, and whether they are being met. This comprehensive oversight is only possible with modern AI, and it is now available to not just Government but to organisations of all types. 

We are seeing regulated entities rapidly uptake this capability, not only because it’s increasingly expected by their regulators, but also because it’s the right thing to do.