In Australia’s National Interest - Security of Critical Infrastructure

In March 2026, the Commonwealth Government published the Independent Review of the Security of Critical Infrastructure Act 2018. The intent of the Review, conducted by Dr Jill Slay between November 2025 and January 2026, was to assess whether Australia's Security of Critical Infrastructure Act 2018 (SOCI Act) is achieving its intended objectives, functioning as intended, and is not producing unintended consequences.
 
In this article, Pentagram Advisory Pty Ltd (Pentagram) will provide excerpts of the Review and also comment on components of the Review that Pentagram considers to be of most interest to Pentagram’s SOCI client entities and to our Community of Practice.

The recent fire at Viva Energy’s Geelong refinery has been widely reported as an industrial incident. But what does it reveal about Australia’s broader vulnerability when disruption occurs at nationally critical assets?
In this episode, we move beyond cause and examine consequence — exploring how disruption to a single node in a highly concentrated and globally dependent system can have cascading effects across the economy.
Ukraine has shown us what sabotage and disruption of critical infrastructure really look like. In the years leading up to Russia’s full-scale invasion in 2022, fires, explosions, cyber attacks and supply chain disruptions were often treated as isolated events — many ambiguous at the time, and later attributed to acts of sabotage linked to Russian state activity.
What becomes clear, over time, is the pattern.
Disruption rarely arrives as a single, decisive event — it emerges through a series of smaller incidents that only later form a recognisable and strategically significant pattern.
Events like the Geelong refinery fire may be very different in nature — but they highlight how disruption at critical nodes can have broader consequences. Australia’s fuel system is not immune to these dynamics.
In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory examine what these patterns mean for Australia’s critical infrastructure — and why organisations must shift from a compliance mindset to one focused on assurance, resilience, and understanding their true points of vulnerability.

Insider risk rarely appears suddenly.
In this episode, we explore why behavioural change is often the earliest warning signal — long before systems detect a problem.
Learn how insider risk develops over time, how to recognise subtle behavioural indicators, and how organisations can respond early through human-centric approaches, strong culture, and proportionate action.
Technology detects events. Behaviour reveals trajectories.
The earliest signals of insider risk are not hidden in systems — they are visible in people.
🎧 Listen to understand how to recognise these signals earlier — and respond before risk becomes an incident.
Brought to you by Pentagram Advisory
Supporting organisations to strengthen resilience across insider threat, workforce security, and critical infrastructure protection.

This article explores the risks and consequence for Australia stemming from the 2026 war with Iran and resultant oil supply shock.

Why People Protect the Organisation
What drives people to act in the organisation’s interest—especially when no one is watching?
In this episode, we explore why security is not sustained by controls alone, but by human behaviour. We examine the role of intrinsic motivation, trust, and purpose in shaping security culture, and how these factors influence insider risk.
Drawing on insights from workforce assurance and Trusted Workforce Programs, this discussion highlights how organisations can move beyond compliance to build environments where people choose to act responsibly.
Because ultimately, security depends not just on systems—but on people.
Presented by Pentagram Advisory
Supporting organisations to strengthen security, resilience, and workforce assurance in complex environments.
This podcast reflects insights gained through our work across Australia’s critical infrastructure sector, informed by collaboration with the SOCI community, ongoing research, and engagement with government.