E-Security
Australia’s national information infrastructure is important to our national security. To read more about national security go to the National Security website.
- What is E-Security?
- What is the national information infrastructure?
- Who owns the national information infrastructure?
- Who is responsible for protecting the national information infrastructure?
- How is Australia’s national information infrastructure being protected?
- What is the E-Security National Agenda?
- What does the Australian Government Computer Emergency Readiness Team do?
- Other programs
What is E-Security?
The Australian Government defines E-security as measures relating to the security, availability and integrity of information that is processed, stored and communicated by electronic or similar means.
What is the national information infrastructure?
The national information infrastructure is a subset of critical infrastructure. It comprises those communications, information and other technologies and systems used to underpin Australia’s economic activities and delivery of key government services. Typical components include, but are not limited to, communications and computer networks used by:
- banking and Finance
- broadcasting and telecommunications
- energy
- water services
- transport
- health
- emergency services, and
- the maintenance of public order, safety and national security.
Who owns Australia’s national information infrastructure?
The National Information Infrastructure underpins the operation of critical infrastructure organisations. In some parts of Australia, up to 90 per cent of the critical infrastructure is privately owned or operated on a commercial basis. Other systems of national interest are owned by the Australian Government or State and Territory governments.
Who is responsible for protecting the national information infrastructure?
The fundamental principle of the Australian Government’s approach to the protection of The National Information Infrastructure (NII) is that owners and operators are responsible for the security of any computer infrastructure they own and/or operate and should take steps to inform themselves of risks and strategies to mitigate them.
While owners and operators are responsible for the protection of their own systems, these systems are so interconnected that the national information infrastructure relies on all its parts being secure for it to be protected.
How is Australia’s national information infrastructure being protected?
As with most business activities, those who own or run the national information infrastructure systems know the best way to protect it, how to manage an incident and how to get things up and running again. A number of Australian Government Departments and agencies undertake activities to ensure the ongoing resilience of the national information infrastructure under the E-Security National Agenda. Legislation such as the Telecommunications Act 1997 and the Criminal Code 1995 prohibit acts which interfere, or damage Australia’s national information infrastructure.
What is the E-Security National Agenda?
Recognising the increasing reliance of government, business and home users on information and communications technology, the Australian Government established the E-Security National Agenda in 2001 to create a secure and trusted electronic operating environment for both the public and private sectors.
Since then, the e-security landscape has changed significantly with the emergence of sophisticated, targeted and malicious online attacks. These attacks potentially come from a number of sources and pose a risk to the continuity of government, the reliable delivery of critical services by both the public and private sectors and the identity and financial information of home users and small-to-medium businesses.
The 2006 review of the E-Security National Agenda found that because the online environment is highly interconnected, e-security threats to different segments of the Australian economy cannot be addressed in isolation. This key finding saw the development of three new priorities to address concerns and to assist in achieving the E-Security National Agenda’s original objective of:
- reducing the e-security risk to Australian Government information and communications systems
- reducing the e-security risk to Australia’s national critical infrastructure, and
- enhancing the protection of home users and small-to-medium businesses from electronic attacks and fraud.
In May 2007, the government announced funding of $73.6 million over four years for new measures to address these three priorities.
GovCERT.au—Australian Government Computer Emergency Readiness Team
The Australian Government Computer Emergency Readiness Team (GovCERT.au) is a unit with the Attorney-General's Department. GovCERT.au provides unique computer security information to owners and operators of critical infrastructure and key Australian businesses. GovCERT.au is the point of contact in the Australian Government for foreign government CERTs on issues relating to critical infrastructure and key business, and coordinates any foreign government requests. GovCERT.au also assists in the preparation and coordination of Australia’s readiness during major National Information Infrastructure incidents.
More information about GovCERT.au
Other programs
Computer Network Vulnerability Assessment Program
The Computer Network Vulnerability Assessment Program is a grants program for critical infrastructure owners and operators to help them check the security of their computer networks, including any associated physical and personnel security issues.
Computer Vulnerability Assessment Program fact sheet