Critical infrastructure managers will be subject to new rules designed to protect essential services that contribute to Australia's security, prosperity and sovereignty.
Cyber Security Minister Clare O'Neil announced a Risk Management Program had commenced, which requires businesses responsible for critical infrastructure to consider hazards and take tangible steps to manage risks to their operations.
Critical infrastructure includes energy and water, food, health care, transport, supply chains and communications.
The minister said the new rules embed preparation, prevention and mitigation into standard practices and provide operators with greater awareness of threats.
"We must continue to ensure the security of our essential services ... and protect them from a range of threats, including cyber, physical, personnel, supply chain and natural hazards," she said.
"We need to ensure our critical infrastructure security arrangements keep pace with the evolving threat environment and continue to deliver the essential services we all rely on."
The government also launched a resilience strategy designed to protect critical infrastructure from security threats and support managers and owners through regulation and collaboration.
"The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our security, economy and sovereignty," Ms O'Neil said.
"We need to ensure our critical infrastructure security arrangements keep pace with the evolving threat environment and continue to deliver the essential services we all rely on."
The announcement comes ahead of ASIO director-general Mike Burgess delivering the annual national threat assessment.
Mr Burgess will update Australians on the nation's risk profile to security threats such as espionage, terrorism and foreign interference.
