Submission on the Security of Critical Infrastructure Act 2018 review
Access status:
Open Access
Type
Report, ResearchAuthor/s
Nicholls, RobAbstract
The SOCI Act has undergone substantial reform since its original enactment but contains
significant blind spots that leave the nation exposed to emerging threats. In my view the
critical gaps are that content delivery networks (CDN) and AI services fall outside the
SOCI Act’s ...
See moreThe SOCI Act has undergone substantial reform since its original enactment but contains significant blind spots that leave the nation exposed to emerging threats. In my view the critical gaps are that content delivery networks (CDN) and AI services fall outside the SOCI Act’s explicit coverage, while space technology remains listed as a sector yet has no defined critical infrastructure assets. These are all fundamental to modern Australian infrastructure but either fall outside the Act’s explicit coverage or remain entirely undefined despite their sector listing. The June 2021 Akamai CDN outage disabled three of Australia’s four major banks for four hours. Healthcare and financial decision-making have ongoing dependence on US-hosted AI services. These gaps are not theoretical concerns but operational vulnerabilities requiring immediate regulatory attention. The SOCI Act framework has evolved through four major amendments between 2021 and 2024, including addressing gaps exposed by the Optus and Medibank breaches. However, this reactive approach was an ex post response rather than threat anticipation. This leaves Australia perpetually one step behind adversaries who have demonstrated both capability and intent to disrupt critical infrastructure
See less
See moreThe SOCI Act has undergone substantial reform since its original enactment but contains significant blind spots that leave the nation exposed to emerging threats. In my view the critical gaps are that content delivery networks (CDN) and AI services fall outside the SOCI Act’s explicit coverage, while space technology remains listed as a sector yet has no defined critical infrastructure assets. These are all fundamental to modern Australian infrastructure but either fall outside the Act’s explicit coverage or remain entirely undefined despite their sector listing. The June 2021 Akamai CDN outage disabled three of Australia’s four major banks for four hours. Healthcare and financial decision-making have ongoing dependence on US-hosted AI services. These gaps are not theoretical concerns but operational vulnerabilities requiring immediate regulatory attention. The SOCI Act framework has evolved through four major amendments between 2021 and 2024, including addressing gaps exposed by the Optus and Medibank breaches. However, this reactive approach was an ex post response rather than threat anticipation. This leaves Australia perpetually one step behind adversaries who have demonstrated both capability and intent to disrupt critical infrastructure
See less
Date
2026Source title
Consultation on the Independent Review of the Security of Critical Infrastructure Act 2018Publisher
Australian Government Department of Home AffairsLicence
Copyright All Rights ReservedFaculty/School
Faculty of Arts and Social SciencesDepartment, Discipline or Centre
Centre for AI, Trust and GovernanceShare