Australian supermarkets, transport next for cyber exercises

Food and grocery, finance, and transport will be the next three industries to have their cyber security tested under the government’s National Cyber Security Exercise program.

Cyber security coordinator Lieutenant General Michelle McGuinness.
Department of Home Affairs

New national cyber security coordinator Lieutenant General Michelle McGuinness revealed the sectors next up for stress testing in a Senate hearing last night, adding that previous exercises led by her staff were in the education and resources sectors.

The aviation sector led its own exercise this year, McGuinness said.

The food and grocery sector – which struggled with unexpected traffic early in the Covid era – will be watched closely along with transport, since this will be those sectors’ first security exercise.

Previously, cyber security minister Clare O’Neil had outlined exercises in the aviation, financial services, and telecommunications industries.

McGuiness also highlighted the activity of the National Cyber Intel Partnership (NCIP), which was formed in response to last year’s cyber security action plan.

She said the first “exploratory meeting with the minister” took place in September 2023.

The NCIP establishes two-way threat sharing and threat blocking between industry and government, McGuinness explained.

Hamish Hansford, deputy secretary of cyber and infrastructure security, told the hearing that the rollout of the critical infrastructure risk management program is also a current focus in the Department of Home Affairs.

Companies and government agencies regulated by the Security of Critical Infrastructure Act (SoCI) are due to make their first risk management reports between July and September this year.

Hansford also told the committee his SoCI compliance activity is moving from education towards compliance audits.

“We have in the last couple of weeks changed our compliance posture … announcing that we’ll start an audit and compliance program.”