The Centre assesses the risks of espionage, sabotage and coercion that may arise or increase from a change of ownership, conducts a strategic risk assessment, and then designs proportionate mitigations. We assess risks falling into four categories: people, systems and data, physical and strategic.

We conduct our risk assessments in close consultation with state and territory governments, regulators and private owners and operators, particularly to understand asset vulnerabilities. Information that we may require from companies to inform our understanding of vulnerability includes:

  • a company’s cyber security and physical security
  • security audits undertaken by a company
  • emergency management plans
  • redundancies
  • offshoring and outsourcing of operations
  • existing regulatory regimes and controls.

These risk assessments take the form of strategic and responsive assessments.

Strategic risk assessments provide a better understanding of where risks exist in a sector. We undertake them in collaboration with states, territories and industry. More information is available about risk assessments in our fact sheets.

The Centre also undertakes responsive risk assessments to support government decision-making on the possible sale of critical infrastructure assets, including Foreign Investment Review Board (FIRB) applications. Foreign investment applications continue to be assessed on a case by case basis. Early advice provides buyers and some sellers with more certainty about potential requirements for asset sales.

For more information see The Critical Infrastructure Centre and Foreign Investment Fact Sheet.