The Centre assesses the risks of espionage, sabotage and coercion that may arise or increase from a change of ownership, conducts a strategic risk assessment, and then designs proportionate mitigations. We assess risks falling into four categories: people, systems and data, physical and strategic.

We conduct our risk assessments in close consultation with state and territory governments, regulators and private owners and operators, particularly to understand asset vulnerabilities. Information that we may require from companies to inform our understanding of vulnerability includes:

  • company's security policies, i.e. data security and physical security
  • security audits undertaken by a company
  • emergency management plans
  • redundancies
  • offshoring and outsourcing of operations
  • existing regulatory regimes and controls.

These risk assessments take the form of strategic and responsive assessments.

Strategic risk assessments will provide a better understanding of where risks exist in a sector. We will undertake them in collaboration with states, territories and industry, focusing on the five high-risk sectors of telecommunications, electricity, gas, water and ports. More information is available about risk assessments in our fact sheets.

The Centre also undertakes responsive risk assessments to support government decision-making on the possible sale of critical infrastructure assets, including Foreign Investment Review Board (FIRB) applications. Foreign investment applications continue to be assessed on a case by case basis. Early advice provides buyers and some sellers with more certainty about potential requirements for asset sales.

More information is also available in our The Critical Infrastructure Centre and Foreign Investment fact sheet.