Enhancements to Critical Infrastructure Risk Management Program Rules
Department of Home Affairs
Background
The Department of Home Affairs consulted on enhancements to the Critical Infrastructure Risk Management Program (CIRMP) rules under the Security of Critical Infrastructure Act 2018 (SOCI Act). The enhanced rules impose higher security obligations — including foreign ownership, control, and influence (FOCI) assessments, supply chain vulnerability mapping, and elevated cyber maturity — on asset classes deemed most critical to the economy. The consultation proposed new cyber and information hazard material risks, including risks from "advanced and emerging technology."
Our submission
AI is becoming embedded in critical infrastructure across healthcare, finance, energy, and government services. By 2030, AI could contribute $45–115 billion annually to Australia's economy, amounting to 2–5% of GDP. As AI infrastructure grows in importance, it also becomes a high-value target. Data centres training and operating general-purpose AI models house valuable intellectual property, sensitive data, and computational resources attractive to hostile actors.
Good Ancestors argues that enhancements to the CIRMP rules should address AI as both a target and a vector for harm. The submission makes two recommendations.
Recommendations
1. Extend the enhanced CIRMP rules to "Critical data storage or processing assets." Data centres training and operating general-purpose AI models meet the same criteria used to justify enhanced rules for energy, communications, water, and transport: they underpin other critical infrastructure, and disruption would cascade across sectors. Enhanced obligations would require data centre operators to assess FOCI risks (including from customers renting compute), map supply chain vulnerabilities in AI hardware, and maintain higher cyber maturity baselines.
2. Develop guidance for AI-specific material risks. The proposal for assets to consider AI risks is welcome, but without concrete guidance, responsible entities may not know what "consider AI risk" means in practice. AI introduces novel security vulnerabilities — disruption attacks that degrade AI performance, deception attacks that manipulate AI outputs, and disclosure attacks that extract sensitive training data — that fall outside traditional cybersecurity frameworks. AI also enhances cyber attacks: it can arm non-experts with advanced hacking techniques, automate vulnerability discovery, and modify malware to evade detection. Guidance should draw on work by the UK AI Security Institute, the US AI Safety Institute (NIST), MITRE ATLAS, and Apollo Research, and be updated regularly as AI capabilities evolve.