What Critical Infrastructure Teaches Us About Enduring OSINT Capability

When things go right in critical infrastructure, nothing happens. The lights stay on, planes fly, and ports stay open. Critical infrastructure is more important than ever to Australia, and increasingly its stability depends on the unseen work of open-source intelligence (OSINT), which helps organisations detect emerging threats and act before they escalate.

At the Australian OSINT Symposium 2025 (AOS2025), leaders from across Australia’s critical infrastructure sector explored how OSINT helps them do exactly that. Their experiences reveal that enduring capability isn’t built on technology alone—it’s built on people, trust, and a culture of awareness that sustains operations.

Across very different missions, five clear lessons emerged about what it takes to make OSINT capability endure. Here’s what they shared. 

OSINT is a Continuity Enabler 

Critical infrastructure professionals don’t just use OSINT to respond when something goes wrong, they use it to stay ahead of disruption and keep operations stable. 

CI-ISAC Australia’s Stephen Beaumont, and chair of the AOS panel, reminded the audience that critical infrastructure organisations face 360-degree threats—from cyberattacks to human error and supply-chain disruption—that create ongoing risk. Building resilience to protect against these risks is just as much a focus as is incident response.

At the Port of Melbourne, Steve Holmes described how OSINT gives his organisation visibility over one-third of Australia’s container trade. By monitoring global logistics movements, local protest activity and tenant vulnerabilities, the team can respond before threats escalate. 

Steve Holmes summed it up simply: “No shipping, no shopping.” For critical infrastructure operators, the phrase captures the stakes—without foresight and situational awareness, the flow of goods, fuel and food can grind to a halt. 

For a deeper look at how OSINT helps critical infrastructure organisations understand and manage their exposure, see our OSINT for Critical Infrastructure: Investigating Organisational and Personnel Online Footprint blog, which explores how digital footprints can reveal unseen vulnerabilities across essential services.

Start Small, Build Human 

Enduring capability often starts with a small, focused efforts that connect OSINT insights to mission outcomes—proving their value through daily relevance. Strong industry and cross-sectoral collaboration are as important as ever to share experiences, resources, and sharpen collective capability.

At the Royal Flying Doctor Service (RFDS), OSINT is not a separate function but part of its culture of collaborative care. Adam Carey explained that his team uses OSINT to monitor healthcare-specific threats such as medical-device vulnerabilities and donor-system exposures—protecting the people who deliver care, not just the systems that support them.

That same mindset runs through other critical infrastructure organisations. Reflecting on her time at Australia’s Academic and Research Network (AARNet), Nadia Taggart described how researchers naturally share open data, observations and indicators of compromise within their communities—a habit that strengthens collective visibility. As Nadia put it, “That whole thing that researchers share that makes us problematic, is also amazing when we’re trying to share intel.”

Manage Human-Related Risk with Empathy 

People remain both the most powerful defence and the most complex vulnerability in critical infrastructure. Across sectors, OSINT helps leaders read human patterns before they turn into incidents. 

The Australian Radiation Protection and Nuclear Safety Agency (ARPANSA)’s Luke Roempke noted that insider threats are probably the most serious security challenge to nuclear facilities.  With more staff working remotely, oversight diminishes while exposure grows. He argued that the goal isn’t surveillance but support—using open-source insight to identify stressors or pressure points early and “keep people in the green zone”.

Nadia Taggart added that for AARNET “a lot of our insiders are students—and they share everything.” In open environments like universities, transparency can be both a risk and a strength. OSINT helps leaders turn openness into awareness, spotting emerging issues without undermining trust.

To learn how OSINT supports insider threat programs without undermining trust, read our Insider Threat Mitigation with OSINT blog, which outlines practical ways to integrate OSINT into workforce-risk management frameworks. 

Trust and Governance Build Longevity

OSINT capability will only endure when it’s governed ethically and transparently—when legal, human resources and communications teams trust how it’s used and why. Steve Holmes urged peers to “take [these teams] on the journey” and build a shared understanding of what OSINT is and what it isn’t.

Nadia Taggart added that effective information sharing doesn’t always require revealing everything, and protocols are important. In sectors like higher education, she argued, de-identified or anonymised insights into incidents and patterns help others learn while protecting reputation and relationships.

Translate the Value 

Enduring OSINT capability depends on how its value is communicated. Executives respond to clarity, not complexity. Technology doesn’t win executive support—business language does.

At ARPANSA, Luke Roempke said his team secured buy-in by showing OSINT’s impact on decision speed, cost savings and risk reduction. Steve Holmes reinforced the point: “Position OSINT to manage business risks, not just security risks.” 

Nadia Taggart pushed that thinking further, identifying fourth-party supply-chain risk—the threats introduced through a vendor’s vendors—as the next major challenge for bodies like AARNet. OSINT, she argued, helps organisations reveal these hidden dependencies and protect brand reputation before issues surface. 

For a practical example of how OSINT helps critical infrastructure organisations detect cyber asset misuse and protect brand integrity, explore our OSINT for Critical Infrastructure: Using OSINT to Identify Misuse of Cyber Assets blog, which shows how proactive monitoring can reveal early indicators of compromise across interconnected systems.

Resilience in the Quiet Moments 

Taken together, these lessons show how critical infrastructure leaders now view OSINT—not as a niche specialty, but as an operational necessity that underpins resilience across the sector. 

As panel chair Steve Beaumont closed, he captured the essence of enduring OSINT capability in critical infrastructure organisations: “Resilience isn’t built in moments of crisis. It’s built in the quiet work of people who keep watching, connecting and sharing, every day.” 

Building Capability Together 

This discussion was made possible through the support of the Critical Infrastructure Information Sharing and Analysis Centre (CI-ISAC), whose Chairman, Stephen Beaumont, chaired the AOS2025 Critical Infrastructure Panel and helped bring together voices from across Australia’s critical infrastructure landscape.

The work of CI-ISAC and OSINT Combine reflects a shared goal: helping critical infrastructure operators transform intelligence into enduring capability. By connecting communities, sharing insights and promoting ethical, effective intelligence practice, both organisations contribute to the resilience of Australia’s essential services.

Learn more about CI-ISAC’s programs, partnerships and membership opportunities at ci-isac.org.au.

From protecting ports and power grids to safeguarding people and supply chains, OSINT Combine helps critical infrastructure teams translate open-source insights into operational resilience. Discover how our training programs and NexusXplore software strengthen continuity and preparedness across your network.

Contact us to learn how we can help you build enduring OSINT capability.