Virtually every aspect of modern life depends on the security and reliability of critical infrastructure assets such as energy, electric and water utilities, and telecommunications. It’s easy for everyday users to forget that all these systems are interconnected, so that compromise of one system—such as energy—affects multiple essential services across society.
Recognition of this interdependence is at the heart of Australia’s Security of Critical Infrastructure Act (SOCI). The SOCI Act focuses on risk management, incident response, and recovery, and includes Enhanced Cyber Security Obligations for critical infrastructure assets that are deemed Systems of National Significance. Prompted by growing threat activities and geopolitical risk, operators and regulators have increased their efforts to not just prevent cyber incidents but also ensure operational resilience when a crisis occurs.
Because operational systems across critical infrastructure assets rely heavily on identity infrastructure, the availability and integrity of identity systems—in particular Microsoft Active Directory (AD) and Entra ID—are vital for ensuring truly resilient critical infrastructure.
What’s inside
This paper provides a high-level overview of the information that’s essential for cyber security, resilience, and incident response professionals, focusing on the identity-related areas of the SOCI Act. You’ll learn:
- How cyber threats against critical infrastructure have increased
- Five overarching SOCI Act requirements
- Why identity-focused security, resilience, and incident response are essential for SOCI compliance
- How an identity lens helps focus conformance with Enhanced Cyber Security Obligations
- Why overcoming blocks to timely identity system recovery is critical
- Why specialized toolsets purposely designed to secure identity systems are essential for operational resilience and crisis response
Empower your cybersecurity and compliance teams to quickly and efficiently implement SOCI-conformant procedures to keep your identity systems—and operations—resilient, even when the worst happens.
