Critical sectors | How KPMG can help | Key benefits | Services and insightsGet in touch


    Key dates

    • 8 July 2022: Grace period ended for Mandatory Cyber Incident Reporting
      8 October 2022: Grace period ended for Registering ownership and operational information



Australia's critical infrastructure is increasingly under threat.

  

Are you on the front-foot? New legislative requirements are in place for owners and operators of critical infrastructure. We can help you navigate your obligations:

Understand

Understand exactly where you are now, where you need to be, and what you need to do to get there.

Act

Take action to implement and actively manage your plan.

Improve

Keep looking for ways to integrate and strengthen resilience throughout your organisation.




Critical Infrastructure Reforms

Opens in a new window

Financial Services Sector: Critical Reforms

Opens in a new window



Overview of the new requirements




The enhanced Security of Critical Infrastructure Act (2018) (SOCI) passed in two tranches: the first in December 2021 and the second in April 2022.

Together these amendments expand the reach of the Act from 4 to 11 sectors, and create a framework with the following features:

This comprises:

  • Provision of ownership and operational information to the Register of Critical Infrastructure Assets
  • Mandatory cyber incident reporting obligations within certain timeframes
  • Development, adoption, and maintenance of a Risk Management Program with a particular focus on cyber, physical, personnel and supply chain risks (not yet commenced).

These apply to all critical infrastructure assets, with three distinct elements:

  • Information gathering powers
  • Action directions
  • Intervention powers.

These apply only to designated ‘Systems of National Significance’ that include:

  • Incident Response Planning
  • Cyber Security Exercises
  • Vulnerability Assessments
  • Provision of system information.



Which sectors are affected?

Sectors subject to the enhanced regulatory framework include:


Energy

Education

Data Storage

Transport


Financial Services

Health & Medical

Space Technology

Grocery & Food


Water & Sewerage

Defence

Communications




Achieving resilient infrastructure

KPMG has deep knowledge across all of the critical risk domains and sectors. We can help: 

  • Provide foundational support to understand what the changes mean to you.
  • Assess your baseline security and physical risk and provide actionable strategies to address the fundamentals.
  • Identify and manage cyber risks in relation to your organisation's infrastructure.
  • Provide visibility of risks associated with your supply chain and the impact it will have on you, your people and the community.
  • Integrate critical infrastructure requirements into your wider control environment and transformation activities.

Critical Infrastructure Reforms

Opens in a new window

Financial Services Sector: Critical Reforms

Opens in a new window


Key benefits

KPMG provides four key benefits:

Clarity

Gain clarity on where to start and how establish core foundational elements so that you can demonstrate that your programme covers the most significant risks facing your most critical assets.

Optimise

Turn a legislative requirement into an opportunity to realise operational optimisation.

Assurance 

Ongoing assurance that all aspects of threat exposure are considered, including cyber, people and your supply chain.


Trust

Beyond compliance, security and resilience in your operations bolsters the trust of your customers, employees and the wider community. 



Related services and insights

KPMG services, insights and thought leadership related to critical infrastructure.

Infrastructure, Assets & Places - a smiling woman on a Melbourne train station platform
Infrastructure, Assets & Places - a smiling woman on a Melbourne train station platform
Infrastructure category
Infrastructure, Assets & Places
Infrastructure, Assets & Places
Infrastructure, Assets & Places

Building for better with a holistic and sustainable approach to planning, delivering and improving our infrastructure.

Building for better with a holistic and sustainable approach to planning, delivering and improving our infrastructure.

A holistic infrastructure advisory and consultancy service for sustainable Australia.

Cyber Security Advisory Services
Cyber Security Advisory Services
Cyber security category
Cyber Security Services
Cyber Security Services
Cyber Security Services

Cyber Security is not what you do, it’s who you are. Build a culture of cyber security and be the organisation clients can trust.

Cyber Security is not what you do, it’s who you are. Build a culture of cyber security and be the organisation clients can trust.

Move from risk to competitive advantage with KPMG Cyber Security Services.

Transform your supply chain by advancing your data collection system
Transform your supply chain by advancing your data collection system
Supply chain transformation category
Future of supply chain
Future of supply chain
Future of supply chain

Supply chain worldwide continues to experience delays and disruption, two years into the pandemic. So learn and transform now.

Supply chain worldwide continues to experience delays and disruption, two years into the pandemic. So learn and transform now.

Transform your supply chain, avoid delays and disruption.

Aerial view of railway bridge over road intersection
Aerial view of railway bridge over road intersection
Infrastructure category
Critical infrastructure: Understanding asset criticality
Critical infrastructure: Understanding asset criticality
Critical infrastructure: Understanding asset criticality

How your organisation can develop an improved understanding of your asset criticality to set you up for success.

How your organisation can develop an improved understanding of your asset criticality to set you up for success.

Understand your organisation's asset criticality to set you up for success.

Meet the team


    KPMG knows SOCI inside out. That’s because our team includes leaders who developed the underpinning policy architecture for the reforms while working in Government, as well an experienced core team who have been engaged by the Department of Home Affairs since 2021 to co-design the rules and frameworks to bring the reforms to life.


We are passionate about these reforms, and want to support businesses make the most of the opportunity this provides to really focus on your resilience.

If you want to know more about what the reforms mean to you, and the practical steps you can take to get on the front-foot, please get in touch.

Contact our KPMG professionals below, or use the enquiry form



Mark Tims blog posts
Mark Tims
Partner, Technology Risk & Cyber
KPMG Australia
Profile | | Phone
Gregory Miller blog posts
Gregory Miller
Partner, Cyber Investment, Management Consulting
KPMG Australia
Profile | | Phone
Luke Eason blog posts
Luke Eason
Partner, Technology Risk & Cyber
KPMG Australia
Profile | | Phone
Carlo Cappuccio blog posts
Carlo Cappuccio
Director, Regulatory Design & Industry Engagement
KPMG Australia
Profile | | Phone
Veronica Scott blog posts
Veronica Scott
Privacy, Digital & Data Protection Lead, KPMG Law
KPMG Australia
Profile | | Phone
Damion Keasey blog posts
Damion Keasey
Leader, Enterprise Risk Management
KPMG Australia
Profile | | Phone




Enquire now

To understand what the changes mean for you, connect with us today to receive an individual briefing.

Click here