The Australian Security of Critical Infrastructure (SOCI) Act 2018 was designed to safeguard Australia's essential services and infrastructure from security risks, whether cyber or physical. While the focus often lies on external threats, one must not overlook the looming danger that comes from within: the 'trusted insider.'

In particular, Part 2A of the SOCI Act mandates that entities must adhere to a Risk Management Program to protect their critical assets. The program should foster a comprehensive understanding of the threat environment and create processes and procedures to respond effectively to material risks. This article aims to delve into why proactive monitoring of trusted insiders, through the deployment of specialised risk management platforms, is paramount for any organisation aiming to comply with Part 2A of the SOCI Act.

Why Insider Threats are Critical

When thinking of security threats to critical infrastructure, the mind naturally wanders to hackers and external agents. However, the 'trusted insiders'—employees with privileged access—are often in an opportune position to disrupt systems and cause significant damage. Their intimate knowledge of organisational processes makes them uniquely capable of navigating security protocols, sometimes bypassing them altogether.

The Consequences of Inadvertent Actions by Trusted Insiders

It is essential to note that not all insider threats are malicious in nature. In fact, history has shown that inadvertent actions by trusted insiders have led to significant data breaches and compromises in critical infrastructure. Whether through accidental data leakage, improper disposal of sensitive information, or misconfiguration of security settings, the unintentional errors made by employees can have consequences just as severe as those stemming from deliberate actions. These incidents underscore the need for robust insider threat programs that are designed to catch not just malicious activities but also inadvertent errors. In this context, Insider Risk Management Platforms serve a dual purpose: they act as a deterrent for malicious insider activity and as a safety net to catch unintentional errors before they escalate into crises. Ignoring this facet of the insider threat landscape could mean failing to address a significant portion of the risk, a lapse that could have dire consequences for any critical infrastructure.

The SOCI Act Part 2A: Risk Management Program and the Role of Trusted Insiders

Part 2A of the SOCI Act is a pivotal component that mandates critical infrastructure entities to develop and adhere to a comprehensive Risk Management Program. While this section wisely encompasses a variety of risks, including cyber threats, natural disasters, and supply chain vulnerabilities, it also implicitly acknowledges the need to scrutinise the role of trusted insiders in the security framework.

Trusted insiders, who often have privileged access to sensitive systems, data, and infrastructure, represent a unique and complex risk. These individuals are typically employees, contractors, or partners who have been vetted and are considered reliable. However, their privileged status provides them with the opportunity to cause disproportionate harm, either maliciously or inadvertently. Under Part 2A, entities are encouraged to have a well-defined scope and policy to monitor the activities of these insiders rigorously.

The Act suggests that Risk Management Programs should feature multi-faceted approaches that include comprehensive background checks, regular training on security protocols, and real-time monitoring. Such monitoring would ideally cover not just job-related performance metrics but also potential indicators of insider threats, like unauthorised data access or irregular patterns in system usage. This holistic understanding of the trusted insider risk enables entities to create countermeasures that are not just reactive but also proactive.

In a nutshell, Part 2A of the SOCI Act serves as a constructive guideline for organisations to recognise and act upon the complex threats posed by trusted insiders. By integrating rigorous insider threat protocols within their Risk Management Programs, organisations can more effectively identify, assess, and mitigate the risks associated with this particularly sensitive group. Doing so not only aligns with the compliance requirements of the Act but also significantly elevates the overall security posture of the critical infrastructure.

Proactive Monitoring: The Most Effective Way to Mitigate Risks

In compliance with Part 2A, adopting a proactive approach towards employee monitoring can be incredibly effective. It is here that Insider Risk Management Platforms can add immense value. These platforms not only offer near real-time monitoring but also employ advanced analytics to identify abnormal behavioural patterns among employees.

For example, a platform might flag unauthorised access to sensitive data or unusually long periods of system inactivity. These are critical insights that can alert an organisation to potential threats before they escalate into full-blown crises. Not only does this reduce the risk, but it also serves to uplift the security culture within an organisation, making each member more aware of their role in maintaining a secure environment.
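As an added illustration, not code from the article or from ShadowSight, the following Python sketch implements the two indicators just described over a small constructed access log: access to a sensitive resource outside the user's role entitlements, and activity resuming after an unusually long idle period. The role table, sensitivity labels, log format and 24-hour idle threshold are all assumptions chosen for the example.

```python
from datetime import datetime, timedelta

# Assumed role entitlements and sensitivity labels (constructed for this example).
ENTITLEMENTS = {"analyst": {"reports"}, "engineer": {"reports", "scada-config"}}
SENSITIVE = {"scada-config", "hr-records"}

# Constructed sample log: ISO timestamp,user,role,resource (one access per line).
LOG = """2024-03-01T08:00:00,alice,engineer,scada-config
2024-03-01T08:05:00,bob,analyst,reports
2024-03-01T08:10:00,bob,analyst,hr-records
2024-03-01T08:12:00,alice,engineer,reports
2024-03-03T02:30:00,alice,engineer,scada-config
"""


def parse(log):
    """Parse the constructed CSV-style log into (timestamp, user, role, resource) rows."""
    rows = []
    for line in log.strip().splitlines():
        ts, user, role, resource = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, role, resource))
    return rows


def flag_events(log, max_idle=timedelta(hours=24)):
    """Return (user, indicator, resource, timestamp) tuples for the two indicators.

    - unauthorised-sensitive-access: a sensitive resource the user's role is not entitled to.
    - activity-after-long-idle: the user's first access after more than max_idle of silence,
      an irregular usage pattern worth an analyst's attention rather than proof of wrongdoing.
    """
    alerts = []
    last_seen = {}
    for ts, user, role, resource in parse(log):
        if resource in SENSITIVE and resource not in ENTITLEMENTS.get(role, set()):
            alerts.append((user, "unauthorised-sensitive-access", resource, ts))
        previous = last_seen.get(user)
        if previous is not None and ts - previous > max_idle:
            alerts.append((user, "activity-after-long-idle", resource, ts))
        last_seen[user] = ts
    return alerts


if __name__ == "__main__":
    for user, indicator, resource, ts in flag_events(LOG):
        print(f"{ts.isoformat()} {user}: {indicator} on {resource}")
```

The idle-period rule only produces a signal once the user is active again, so a real platform would also report users who have gone silent entirely (for example, a departed contractor whose account was never disabled).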

Legal and Ethical Considerations

The deployment of proactive monitoring solutions does raise questions about employee privacy. However, the SOCI Act, with its focus on national security, grants a level of legal latitude to organisations in implementing such measures, provided they are done responsibly and transparently. Informing employees about the monitoring measures and educating them on the reasons for their implementation can go a long way in alleviating privacy concerns.

In Summary

The Australian Security of Critical Infrastructure Act 2018, particularly Part 2A, serves as a critical blueprint for entities to manage their risk landscape effectively. A balanced approach that takes into account both external and internal threats is essential for compliance and for securing critical assets. Adopting Insider Risk Management Platforms for proactive monitoring of 'trusted insiders' should be considered not just a requirement but a cornerstone for a secure, alert, and responsible organisation. By doing so, entities will not only be adhering to the mandates of the SOCI Act but will be setting a standard for what a comprehensive, nuanced approach to security risk management should look like. It's time we recognise that safeguarding our future means looking within, as much as looking out.

Christopher McNaughton

Strategic Advisor, ShadowSight

Who is Christopher McNaughton

Chris is a proficient problem solver with a strategic aptitude for anticipating and addressing potential business issues, particularly in areas such as Insider Threat, Data Governance, Digital Forensics, Workplace Investigations, and Cyber Security. He thrives on turning intricate challenges into opportunities for increased efficiency, offering pragmatic solutions derived from a practical and realistic approach.

Starting his career as a law enforcement Detective, Chris transitioned to multinational organisations where he specialised and excelled in Cyber Security, proving his authority in the field. Even under demanding circumstances, his commitment to delivering exceptional results remains unwavering, underpinned by his extraordinary ability to understand both cyber and business problems swiftly, along with a deep emphasis on active listening.

What is ShadowSight

ShadowSight is an innovative insider risk staff monitoring tool that proactively guards your business against internal threats and safeguards vital data from unauthorised access and malicious activities. We offer a seamless integration with your current systems, boosting regulatory compliance while providing unparalleled visibility into non-compliant activities to reinforce a secure digital environment. By prioritising actionable intelligence, ShadowSight not only mitigates insider threats but also fosters a culture of proactive risk management, significantly simplifying your compliance process without the overwhelming burden of false positives.