The review covers the breadth of threats and hazards faced by Australia’s critical infrastructure over the past 12 months. It provides guidance on emerging and enduring risks that impact national security and economic prosperity. The review is designed for a diverse audience across all levels of industry, government and the broader community. The review outlines the risk and regulation environment, risk prioritisation and sector interdependency.

Risk issues are presented for the hazard categories:

• cyber and information security
• supply chain hazards
• physical security
• natural hazards
• personnel security.

Critical infrastructure owners need to adapt risk management strategies to meet shifting dependencies, short-term and long-term supply chain disruptions and geopolitical tensions. Risk mitigation now requires an acceptance and incorporation of technology competition, supply concentration and unavoidable third-party risk.

Key findings

• Geopolitical risk is an ongoing reality for all critical infrastructure sectors.
• The physical sabotage of critical infrastructure is at the forefront in many global conflicts.
• Climate change continues to create uncertainty for risk management.
• Accidents, technical errors and challenges in meeting skilled workforce requirements are creating more disruptive personnel security effects alongside threats from malicious insiders.
• In 2025, international supply chains for software and hardware have left Australia vulnerable to harmful activity, both deliberate and inadvertent.
• Overseas conflict has impacted domestic community sentiment and eroded social cohesion, increasing the likelihood of politically motivated violence, the threat of lone-actor extremism, ideologically motivated vandalism and small-scale sabotage has persisted.