In Australia’s National Interest - Security of Critical Infrastructure

The recent fire at Viva Energy’s Geelong refinery has been widely reported as an industrial incident. But what does it reveal about Australia’s broader vulnerability when disruption occurs at nationally critical assets?
In this episode, we move beyond cause and examine consequence — exploring how disruption to a single node in a highly concentrated and globally dependent system can have cascading effects across the economy.
Ukraine has shown us what sabotage and disruption of critical infrastructure really look like. In the years leading up to Russia’s full-scale invasion in 2022, fires, explosions, cyber attacks and supply chain disruptions were often treated as isolated events — many ambiguous at the time, and later attributed to acts of sabotage linked to Russian state activity.
What becomes clear, over time, is the pattern.
Disruption rarely arrives as a single, decisive event — it emerges through a series of smaller incidents that only later form a recognisable and strategically significant pattern.
Events like the Geelong refinery fire may be very different in nature — but they highlight how disruption at critical nodes can have broader consequences. Australia’s fuel system is not immune to these dynamics.
In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory examine what these patterns mean for Australia’s critical infrastructure — and why organisations must shift from a compliance mindset to one focused on assurance, resilience, and understanding their true points of vulnerability.

Insider risk rarely appears suddenly.
In this episode, we explore why behavioural change is often the earliest warning signal — long before systems detect a problem.
Learn how insider risk develops over time, how to recognise subtle behavioural indicators, and how organisations can respond early through human-centric approaches, strong culture, and proportionate action.
Technology detects events. Behaviour reveals trajectories.
The earliest signals of insider risk are not hidden in systems — they are visible in people.
🎧 Listen to understand how to recognise these signals earlier — and respond before risk becomes an incident.
Brought to you by Pentagram Advisory
Supporting organisations to strengthen resilience across insider threat, workforce security, and critical infrastructure protection.

This article explores the risks and consequence for Australia stemming from the 2026 war with Iran and resultant oil supply shock.

Why People Protect the Organisation
What drives people to act in the organisation’s interest—especially when no one is watching?
In this episode, we explore why security is not sustained by controls alone, but by human behaviour. We examine the role of intrinsic motivation, trust, and purpose in shaping security culture, and how these factors influence insider risk.
Drawing on insights from workforce assurance and Trusted Workforce Programs, this discussion highlights how organisations can move beyond compliance to build environments where people choose to act responsibly.
Because ultimately, security depends not just on systems—but on people.
Presented by Pentagram Advisory
Supporting organisations to strengthen security, resilience, and workforce assurance in complex environments.
This podcast reflects insights gained through our work across Australia’s critical infrastructure sector, informed by collaboration with the SOCI community, ongoing research, and engagement with government.

Pentagram Advisory Pty Ltd invites you to watch and / or listen this recording of our recent article about the risks that war with Iran poses to Australia's critical infrastructure entities.

Whilst critical infrastructure entity attack surfaces span a myriad of threat vectors, including cyber attacks, Pentagram's article focuses on the people component - those people employed within Australia's critical infrastructure entities as possible sources of harm.

Iranian expatriates in Australia are of course especially vulnerable to Iranian government interference, coercion, and espionage. Australia, as a compassionate pluralist society, will see our first instinct be to offer assistance and protection to this group. But we must also appreciate that there is a risk, likely from a very few Iranians, that there could be insider threats, either coerced of volunteering to undertake acts of harm against Australia's critical infrastructure.

We also must appreciate that Khamenei was not just head of the Iran theocracy, but was a global Shia leader and sponsor of terror. On that basis, non-Iranian Shia and anti-Westerners may also be aggrieved by Khamenei's assassination at the beginning of the war, and by the ongoing war. Such people may also be coerced or volunteer to cause harm in Australia.

This is a challenging topic, rife for rendering by some people as a dog whistle for discrimination based on religious or ethnic affiliation. That can be one way to view this matter.

Another way to view discussion about this threat is to admit to the reality that we have evidence of Iranian government acts that have, and continue to, intimidate Iranian expatriates living in Australia. Further, the Iranian Government has sponsored violence in Australia. And that was before the war!

Do we ignore reality, and the increased likelihood of Iranian Government action against Australia (there are reports of increased cyber attacks from Iranian sources), or do we shy away from known and potential harms to Australia for fear of offending a small group of people?

Remember, vanishingly few people will evolve to become pro-Iranian insider threats, more are likely to be coerced to act or volunteer to act. Either way, the harm is the same. To protect Australia's critical infrastructure, a key foundation of Australia's national security, leaders need to understand the reality of the threats we face and that requires the courage to engage with difficult challenges as explored in the article.