Australia’s critical infrastructure is facing an increasingly complex landscape of threats that no single agency, business or policy can solve alone. That was the message from Hamish Hansford, Head of National Security at the Department of Home Affairs, in his address to the Australian Institute of International Affairs Queensland.
Mr Hansford, who also serves as Australia’s Counterterrorism Coordinator and Countering Foreign Interference Coordinator, outlined a decade’s worth of lessons learned from working across cyber, transport and infrastructure security. His seminar traced the evolution of Australia’s national security mission from traditional counterterrorism to managing “convergent risks” – the overlapping and accelerating threats posed by cyberattacks, sabotage, insider threats, foreign interference and climate events.
“Risk is deeply embedded in our society – in every system, every piece of technology and every person,” Mr Hansford said. “You can’t outsource it. It’s part of the fabric in modern Australia.”
The Era of Converging Threats
Mr Hansford described the current landscape as one where state-based cyber operations, organised crime and physical sabotage are increasingly intertwined. He cited more than 15 incidents of telecommunications tower sabotage in the past two years, from copper theft to deliberate vehicle collisions as evidence of this deterioration.
“Criminal threats to telecommunications infrastructure are being linked to lucrative activities such as copper theft,” he noted, warning that these patterns indicate a broader erosion of security around essential networks.”
The digitisation of infrastructure, while driving productivity, has also created new vulnerabilities. Mr Hansford pointed to the threat of intellectual property stored in cloud systems and the growing exposure of operational technology systems, such as SCADA networks which is a control system that monitors and manages industrial processes in real-time. Networks like SCADA are significantly relied on by utilities and transport infrastructure. “One company admitted that 25 per cent of its holdings were not actually its own,” he said, highlighting the scale of IP leakage and cyber-enabled corporate espionage.
Avoiding a Catastrophic Wake-Up Call
Australia, Mr Hansford argued, has been “exceptionally fortunate” to have avoided a catastrophic incident – one that completely shuts down essential systems resulting in disrupted public order. He referenced the 2016 South Australian grid collapse, the foiled 2017 aircraft plot and the string of major cyberattacks on Optus, Medibank and DP World as “near misses.”
“We haven’t yet had an infrastructure asset rendered inoperable,” he cautioned. “But that day will come – every day we spend focusing only on data breaches is a day lost in preparing for a national scale crisis.”
To that end, Mr Hansford revealed that the Department of Home Affairs has identified 220 systems of national significance – the most interdependent assets in the economy – and is working with their operators to build and test incident response plans. “The worst time to write a crisis plan,” he said, “is in the middle of one.”
Risk, Resilience, and Responsibility
A recurring theme of Mr Hansford’s address was the need for a culture of proactive security, extending from cabinet tables to boardrooms and classrooms. “Security should be baked into every infrastructure asset from the beginning,” he said. “It’s not a cost centre — it’s a productivity enabler.”
He warned that many companies still view security as a compliance burden rather than an operational necessity, with some critical assets lacking even basic physical protections or continuity procedures. “We found one major asset with no written plan for what to do if something went wrong,” he said. “Another had no idea who actually owned it.”
In response, the government has strengthened the Security of Critical Infrastructure Act (SOCI), introducing a mandatory risk management program for 14 categories of essential service providers. These measures are designed to integrate security into corporate decision-making and elevate risk management to a board-level responsibility.
Mr Hansford acknowledged that regulation alone was not enough. “Compliance is the foundation,” he said, “but we have to move beyond it — towards curiosity, capability, and collaboration.”
A National Conversation on Resilience
Beyond industry and government, Mr Hansford emphasised the role of public resilience. Drawing comparisons with Finland, Sweden, and the UK, he said Australia must begin to engage its population in resilience-building, from digital literacy to disaster preparedness.
“We’ve built a nation of technology users,” he said, “but not many who understand how technology works.”
This extends to the information environment, where misinformation and extremist narratives can amplify instability. Responding to a question about sovereign citizens and the far-right, Mr Hansford noted that digitisation has “accelerated radicalisation and disinformation,” and that foreign interference often operates through “covert, deceptive or intimidating activity” rather than overt propaganda.
Australia has already seen three arrests and one successful prosecution under its foreign interference laws, he added — a signal of how national security threats are evolving.
The Road Ahead
Mr Hansford concluded by stressing that security and resilience must become national, non-competitive priorities shared by both government and industry. The Department of Home Affairs’ Trusted Information Sharing Network (TISN), which brings together thousands of industry representatives, remains central to that effort.
“Our goal is to change the national conversation,” he said. “Security shouldn’t be a competitive advantage — it should be a shared mission.”
His remarks underscored a broader truth: that Australia’s prosperity and productivity depend on the invisible systems that power daily life — and on the foresight to protect them before the next crisis strikes.
Edited by Deborah Bouchez
Written by Chloe Leung
Currently in her third year of a double degree in Communications/Journalism and International Relations at Griffith University, Chloe Leung is passionate about intersectionality in global development – particularly centring the voices of marginalised communities.
