top of page


Where to find us and how we're contributing to the the open-source intelligence community.

13 Feb 2024

OSINT key in safeguarding critical infrastructure

OSINT Combine's Emerald Sage and Matt Ferndale recently gave a keynote presentation to bring awareness to the role that open-source intelligence (OSINT) plays in critical infrastructure security. They presented at the Combined Gippsland Essentials Industries Group (CGEIG) alongside Josh Reeve from security and protection services company, Empire Protection.

This CGEIG event is an important meeting of key representatives from critical infrastructure operators across energy, environment, transportation, law enforcement, and emergency services.

This forum reflects the diverse array of critical infrastructure operators. In Australia, they span 11 sectors across Australia's economy. Securing our critical infrastructure is therefore a complex task, requiring a range of tools and technologies. 

OSINT provides real-time information from publicly available sources. Organisations can proactively monitor potential threats, vulnerabilities, and emerging risks to critical infrastructure assets. OSINT can be shared across industries and sectors, facilitating collaboration and rapid response. 

Applying OSINT to your Critical Infrastructure Risk Management Plan (CIRMP)

Within Australia, if you own, operate, or have direct interests in critical infrastructure assets, you likely have obligations under the Security of Critical Infrastructure (SOCI) Act. The SOCI Act and its amendments describe Positive Security Obligations (PSOs) which include a requirement that critical infrastructure organisations adopt and maintain a Critical Infrastructure Risk Management Program (CIRMP). ​

CIRMPs ensure responsible entities identify and take steps to minimise ‘material risks’, ‘hazards’, or vulnerabilities​. The Cyber and Infrastructure Security Centre has prioritised four key “hazard vectors” or vulnerabilities:​

  • Physical security.

  • Cyber and information security.

  • Personnel – the ‘trusted insider’ risk posed by critical workers who have the access and ability to disrupt the functioning of the asset.

  • Supply chain – risk of disruption to critical supply chains leading to a relevant impact on the critical infrastructure asset​.

Matt and Emerald demonstrated how OSINT can be applied to each vulnerability identified by The Cyber and Infrastructure Security Centre.

Email us to find out how we can help you with your CIRMP -

bottom of page