IT managers and senior executives at organisations responsible for Australia's "critical infrastructure" will next year get tighter guidelines about managing their corporate information networks and IT security.
The federal government wants a consultancy to develop the guidelines as part of a wider effort to boost IT governance at organisations which operate essential infrastructure such as airports, ports and banks. The move is designed to help minimise disruption following a terrorist attack or natural disaster.
The government said in a request for tender (RFT) it was targeting governance of "information, IT security and engineering services" for owners and operators of critical infrastructure.
The consultancy is being commissioned by the government on behalf of the Trusted Information Sharing Network (TISN), a grouping of public and private sector operators of critical infrastructure that sits within the federal Attorney-General's department.
The body -- which advises members on security disciplines such as physical security, e-security, business continuity and risk management -- was formed in response to recommendations in 2002 from a joint government and business taskforce into ways of protecting the nation's critical infrastructure from threats such as terrorist attacks.
The successful consultant must also deliver a report into "risks, threats and vulnerabilities" that could compromise IT governance at critical infrastructure facilities, according to the RFT.
They must also develop a user guide for board members and non-IT executives which includes tips, case studies and steps for improving IT governance.
In addition, the consultant must prepare an information paper for CIOs, chief security officers and other security managers detailing the importance of IT governance to the continuity of their company's services.
According to the RFT released last week, a draft of the documents must be finalised by 31 March next year, with the final version submitted to the government by 28 April.
The federal government defines critical infrastructure as "those physical facilities, supply chains, information technologies and communication networks that, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic well-being of the nation or affect Australia's ability to conduct national defence and ensure national security".
Meanwhile, in another government security tender, the Department of Defence has called for a new encryption system for Defence Restricted Network (DRN) traffic.
"This system is intended to replace extant capability," the request-for-tender said.
Currently, DRN voice, video and data traffic passes over the Defence Wide Area Communications Network to more than 300 sites.
The system requirement includes the supply of encryption devices.
The chosen encryption system would later be piloted across 20 sites, according to Defence.