The bombings also underline the importance of ensuring that we are able to manage both foreseeable and unexpected risks and continue to deliver the essential services necessary for everyday life.   

The annual Critical Infrastructure Resilience Conference provides an excellent opportunity for critical infrastructure professionals to come together to share new ideas, discuss opportunities and risks, and build those crucial relationships that may prove invaluable during a future crisis.  

The conference program includes presentations on a broad range of topics, including how to create a resilience culture, crisis communications during an incident, and managing the unexpected in a complex global supply chain.  

These presentations will be given by experts and practitioners with deep experience and first-hand knowledge.  

2013 also marks the 10^th anniversary of the establishment of the Trusted Information Sharing Network (TISN) for Critical Infrastructure.  

The Trusted Information Sharing Network for Critical Infrastructure Protection was established in April 2003 in the wake of the September 11 terrorist attacks and the 2002 Bali Bombings.  It was instituted as a forum for cooperation and information sharing between the Australian Government and the owners and operators of critical infrastructure.  

While there was an early focus on the threat of terrorism to critical infrastructure, the Network quickly expanded to cover all hazards.  

It has successfully reinvented itself over the past 10 years, to cover not only issues important to business and government such as pandemic planning and response, but also to shift strategic focus from protection to resilience. 

As the Trust Information Sharing Network has matured, sector-based information sharing has expanded to include more detailed analysis and understanding of cross-sector dependencies and vulnerabilities.  A deeper appreciation of knock-on effects from disruptions in other sectors is a key achievement of the Network over the past 10 years.

The Government’s approach to enhancing the resilience of our critical infrastructure continues through effective engagement with business and the owners and operators of critical infrastructure.  The Critical Infrastructure Resilience Conference is an important initiative to support this business-government partnership. Partnerships are recognised and encouraged in the Government’s Critical Infrastructure Resilience Strategy.

The Government’s National Security Strategy, released by the Prime Minister in January, also emphasises the importance of partnering with business and industry to ensure continuity of essential services by critical infrastructure owners and operators in the face of all hazards.

Strengthening the resilience of Australia’s people, assets, infrastructure and institutions is one of the eight pillars of Australia’s national security identified in the National Security Statement.

The Australian Government plays a key role in driving Critical Infrastructure Resilience initiatives, supporting other levels of government and the business community where appropriate.

Our main objectives are:

• first, to ensure that critical infrastructure owners and operators are effective in managing foreseeable risks and threats to the continuity of their operations, through an intelligence and information-led, risk-informed approach, and
• second, that critical infrastructure owners and operators enhance their capacity to manage unforeseen or unexpected risks to the continuity of their operations, by building organisational resilience.

As owners and operators of critical infrastructure, you face a broad range of reasonably foreseeable risks and threats - from theft and equipment failure through to cyber-attacks.

Cyber security is an area in which the challenges to both business and government are enormous.  The days in which our operations, assets or information could be protected through physical security measures such as gates and guards are long gone. 

The lines between the cyber-criminal and the cyber-spy are also becoming increasingly blurred, with the economic interests of nation states more globalised than ever.

Cyber security is a key focus of the National Security Strategy announced by the Prime Minister in January this year.  As part of that strategy, work is underway to establish the new Australian Cyber Security Centre. 

The centre will help develop a comprehensive understanding of the cyber threat to Australian Government networks and the Australian industry and business sector from the full spectrum of malicious cyber actors - from cyber criminals and lone hackers, through to nation states.

It will ensure that the Australian Government is able to do all it can to protect our critical infrastructure, our economy and broader society from the already very active world of cyber threats.

Our national Computer Emergency Response Team, CERT Australia, located within my department, will also continue to play a major role.

The CERT provides cyber security threat and vulnerability information to help major businesses manage risk, and support incident response.

To date, the CERT has established partnerships with around 500 private sector organisations.  This network of organisations underpins the operation of critical infrastructure across Australia.

As owners and operators of critical infrastructure, you also face a range of unforeseen and unexpected risks.

Some of the best examples of these risks have been demonstrated over recent disaster seasons.

Climate scientists tell us that the magnitude and intensity of extreme weather events will continue to increase in the coming years as our climate changes.

Our recent summer of devastating floods, fires, storms and cyclones has left few Australians in any doubt about the influence global warming is having on our climate and the threat that now poses to our communities and our economy.

These disasters will come again. And they will almost certainly disrupt the operations of telecommunication and electricity providers, transport networks and other activities either by direct impact, or impacts on the supply chain.

Many organisations might also be called on to help with relief and recovery efforts.  

As we confront this new level of disruption – and it will be a chronic cycle of disruption if the world fails to slow down climate change - the more important it is to learn quickly from each disaster and share our knowledge with other owners and operators of critical infrastructure.

We did this previously with the ‘Lessons Learned Report’ from the 2010-11 summer disaster season.

A potential area for improvement identified by the report was better cooperation at all levels of government, and across sectors.

This includes State and Territory governments, which have primary responsibility for the preservation of life and property in their jurisdictions.  They are the first responders in the event of a disaster, such as the recent Tasmanian bushfires or the Queensland floods.

For this reason that the Critical Infrastructure Advisory Council, and the Australia-New Zealand Emergency Management Committee – both important leadership groups in their areas – are working together to develop a joint work program around emergency management issues of mutual interest that require a national approach.

This approach is consistent with both the Critical Infrastructure Resilient Strategy and the National Strategy for Disaster Resilience.  Both strategies advocate the application of a resilience-based approach where responsibility is shared between individuals, households, businesses, communities and governments.

The important link between critical infrastructure resilience and disaster resilience is that communities will be more resilient if they continue to receive essential services such as power, water and telecommunications before, during and after a crisis.

Many organisations already understand they need the capacity to address the unexpected and deal with sudden shock, regardless of the situation. This approach has become known as organisational resilience.

As you are all aware, business is under increasing pressure to manage strategic and operational risks, while continuing to deliver value to shareholders, and products and services to customers.

There are many risks that can lead to an erosion of the market position of an organisation, and sometimes, collapse.  Physical, legal, financial, technological and reputational risks all need to be identified, constantly monitored and carefully managed.

Many of these risks are reasonably foreseeable and are able to be addressed through existing corporate processes and management systems.

For example, identifying a physical or electronic threat through a risk assessment process, then acting to mitigate it, is standard practice in most organisations.

However, the complexity and changing nature of the economy, technology and society means traditional approaches to managing risk, which require a good understanding of likelihood and consequence, need to be increasingly adaptable and flexible.

Traditional processes are useful in managing reasonably foreseeable risks, but can discount scenarios that have not yet occurred, and lead to an overly rigid response predicated on written plans for specific events or incidents.

Our approach needs to take into account the proliferation of digital technologies, global markets and supply chains, complicated regulatory environments, and multiple groups with competing interests.

So what is organisational resilience? It is sound risk management, effective emergency or crisis management and business continuity management, but it is also more than that. Resilient organisations exhibit a range of behavioural attributes in their leadership, in their networking, in their readiness for change and in developing a culture of trust.

Organisational resilience leads to a faster return to pre-disruption performance, enhanced reputation with stakeholders, and increased staff morale, commitment and productivity.

Importantly, from a government’s perspective, this responsiveness benefits stricken communities that depend on critical infrastructure organisations for essential goods or services.

Developing and promoting a body of knowledge on organisational resilience is one of the key initiatives of the Government’s Critical Infrastructure Resilience Strategy and a major body of work being led by my department.

At the last Critical Infrastructure Resilience Conference, we launched “Research Paper 1: CEO Perspectives on Organisational Resilience”, which I understand has been very well received.

The paper highlighted these key behavioural attributes.

The CEOs surveyed identified the culture of the organisation as being the single most important source of resilience.

Through the encouragement of effort and ingenuity in its people, an organisation maximises its capacity to deal with major disruptions to its operations.

My department is developing materials to help business to better understand the concept and to view resilience as a “Smart Investment”.

I am very pleased to be here today to launch a short and digestible report that contrasts the unique benefits of organisational resilience with more traditional corporate strategies.

The themes and concepts within the report are highly relevant to all organisations.

The‘Organisational Resilience’report is a joint effort between my department and the global consulting company: Ernst and Young.

Iwould like to thank Ernst and Young for their contribution to this ever expanding field of research and I note that Mike Trovato from Ernst and Young will be presenting a little later this morning on the value proposition of organisational resilience. 

I would also like to thank those in my department who have made a substantial contribution to this work.

I encourage you all to read the report.

It is with great pleasure that I now officially open the 2013 Critical Infrastructure Resilience Conference.

The Conference is an important event in the business-government partnership for critical infrastructure, which forms the foundation of the Government’s efforts to ensure the continuity of essential services to the community.

So, I encourage you to enjoy the next two days, you have a terrific program – and I look forward to hearing about the Conference outcomes.