This is the second edition of the Australian Government's Critical Infrastructure Annual Risk Review, an examination of the threats and hazards faced by Australia’s critical infrastructure, developed in response to the growing recognition of the importance of critical infrastructure to Australia's national security and economic stability.

This report seeks to promote a cross-sectoral understanding of risk. To aid in this, it introduces a comparative visualisation of cross-sector risk prioritisation for each of the five hazard sections that are discussed: cyber/information, supply chain, physical, natural hazard and personnel. It assesses each for plausibility and for potential damage. 

The report recommends a comprehensive and collaborative approach to managing these risks, including legislative reforms, enhanced guidance for critical infrastructure providers, and promoting greater awareness of the interconnected nature of critical infrastructure sectors. The purpose is to build higher levels of resilience in the delivery of services.

Key findings

• Rapid technological change is creating skill and staffing shortfalls, including for skilled cyber security professionals.
• Cyber incidents, instability in global supply chains and disruption from severe weather events are key areas of concern for the security of Australia’s critical infrastructure.
• Our social and economic interconnectivity and rapid implementation of technologies is changing the nature of threats to national security, and introducing new, unconventional ones.
• Interconnected networks may also involve more threat exposure, more severe consequences, unpredictable system behaviour, and more difficult recovery from disasters.
• Challenges exist between and within sectors where there is a wide disparity in security maturity levels, regulation, approaches to information-sharing and disclosure, and where retrofitting new technological efficiencies into legacy infrastructure takes place.
• A focus on national security risk may differ from the way entities have viewed risk in the past, however, framing of risk in this context (within existing risk management strategies) will improve Australia’s national security and socioeconomic resilience.