Christopher Smith (Telstra Purple)
Telstra Purple has launched a service to help customers understand and adapt to upcoming legislative changes to critical infrastructure security.
The telco's managed services arm will offer a bespoke service focused on the two sets of amendments to the Security of Critical Infrastructure Act (2018).
The first set, which was passed in December 2021, will cover the induction of 11 sectors as critical infrastructure, giving the government emergency powers to take control of infrastructure during significant cyber attacks as a result.
The second set of amendments, which is currently before the government, covers declarations of systems of national significance, enhanced cyber security obligations and positive security obligations. These are now set to be defined in legislation.
According to Telstra Purple principal security consultant John Powell, the service is needs-based, but includes advice, which can cover the development of an information security management system (ISMS), cyber detection and response, incident response readiness assessments, vulnerability assessments and cyber exercises.
However, the service isn’t just the 11 new sectors, including data centres and telecommunications, that are set to benefit from the new service, but other sectors too.
In fact, Powell said Telstra's customers based in supply chains that support critical infrastructure have also been asking Telstra for help.
“The supply chain will extend the requirements so much further,” he explained. “This is about other organisations, outside critical infrastructure, who are supply chain partners to critical infrastructure entities.
"When they ask, 'how do we make sure that we're fulfilling our obligations and that we are managing our risks appropriately to continue being suppliers to critical infrastructure?', Telstra Purple can help with developing the governance around cyber security that will assist those organisations in meeting the cyber obligations of this Bill.”
Telstra Purple lead Chris Smith claimed from a risk management perspective, supply chains are posing the biggest risk to businesses in Australia.
“With this new legislation, we're really reaching a tipping point around how we think about that,” he said.
“As a country, we believe we need to work as a team to understand and then mitigate those risks. The biggest impact on IT professionals and managers [is the] need to shore up our networks and have the foundational controls in place to understand what and where our critical data is; define and understand particular risks for your own organisation and how to mitigate them."
“To do that we need to leverage the right skills; security professionals are unique and not easy to come by. So, we think that team Telstra — both Telstra and Telstra Purple — [is] well placed to assist our customers in keeping safe.”
The launch of this service follows the launch of Telstra Hybrid Cloud, a managed public and private cloud solution, back in December.
