ABSTRACT
The chapter focuses on developments in critical infrastructure defence planning in Australia, arguing that notwithstanding the many positive initiatives adopted by Australia in the past decade, there remain a number of policy gaps in ensuring resilience. These include the need for: an updated national information environment roadmap; improved standards and interoperability; the additional vulnerabilities of the Internet of Things to be addressed; adoption of more holistic national cyber incident response planning as part of incident management; strengthening and formalising of arrangements for collaboration with key non-governmental partners; development of the national workforce; exercising recovery from a cyber incident; and ensuring that all companies associated with critical infrastructure have an advanced capability to detect and respond to threats and incidents. The author calls for the co-location of the Department of Home Affairs Cyber Policy staff and the Australian Cyber Security Centre to be leveraged further to contribute to the development of strategies for managing cyber incidents; and suggests that the Australian Signals Directorate could be tasked with active cyber defence domestically, in conjunction with key Home Affairs agencies. Finally, he sees merit in Australia considering the concept of cyber civil defence and the utility of cyber national service, or even a cyber militia.
