A shield with a sun on it is on a blue background.

 Security of Critical Infrastructure (SOCI Act)

A shield with a sun on it is on a blue background.
An icon of a hand holding a padlock on a blue background.

Security of Critical Infrastructure (SOCI Act)

A framework for safeguarding Australia's critical assets, networks, and systems.

What is Security of Critical Infrastructure (SOCI Act)


The SOCI Act stands for the Security of Critical Infrastructure Act 2018. It's an Australian law designed to improve the protection & resilience of critical infrastructure sectors in the country.


The Australian government has modified the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) to create stricter regulations for critical infrastructure in response to the growing threat of cyber attacks on these assets.


In order to properly secure their assets, responsible businesses within designated critical infrastructure sectors are required to adhere to certain "obligations."

A server room with a padlock in the middle of it

Here's a breakdown of the SOCI Act

Purpose

To safeguard essential services provided by critical infrastructure assets from cyber threats and other security risks.

Critical Infrastructure Sectors

The Act covers a broad range of sectors considered vital to Australia's national security, prosperity and public safety. Originally encompassing four sectors, it has since expanded to eleven, including:

  • Essential Services

    • Energy
    • Water
    • Transport
    • Communications

  • Financial and Information Infrastructure

    • Financial Services
    • Data Storage and Processing

  • Social and Public Services

    • Healthcare
    • Food and Grocery
    • Postal and Freight Services
    • Higher Education

  • National Security

    • Sovereign Capability

Key Obligations

The Act outlines various obligations for organisations that own, operate, or have a direct interest in critical infrastructure assets. These obligations include:

  • Providing information

    • Registering critical infrastructure assets with the government and reporting cyber incidents that could significantly impact service delivery.

  • Risk Management

    • Developing and implementing a risk management program to identify, assess, and mitigate security risks.

  • Compliance with standards

    • Maintaining cybersecurity standards and controls as specified by the Act.

Recent Developments

The SOCI Act has undergone amendments to further strengthen its effectiveness. These amendments include expanding the scope of covered sectors and introducing mandatory cybersecurity exercises for critical infrastructure entities.

Importance of the SOCI Act:

The SOCI Act plays a crucial role in safeguarding Australia's critical infrastructure from cyberattacks and other security threats. By requiring robust cybersecurity practices and promoting collaboration between the government and industry, the Act helps to ensure the continued operation of essential services that Australians rely on every day.