Close this search box.

Why do Hackers Target Critical Infrastructure?


The systems we rely on every day, from our water supply to the internet itself, are increasingly under threat from cyber attacks. Hackers target Critical Infrastructure sectors not just to cause trouble but to gain big – financially, politically, or even just to prove they can.  

The Target List 

Key sectors at risk include energy, healthcare, communication, food supply, finance, transportation, defense, and water management. These areas are essential for our daily lives and, if attacked, can impact everything from our safety to our economy. 

Why Hackers are Interested 

So, what’s in it for the nation-state sponsored hackers? A lot. Disrupting these services can shake public confidence or sway political decisions. With 69% of Australian executives expecting an increase in state-sponsored attacks on critical infrastructure, the stakes are higher than ever.  

Cyber attackers target CI for a few main reasons:  

  • Political Turmoil – to cause civil unrest and chaos 
  • Financial Ransom – they lock systems to demand money. 
  • Information Theft – they steal sensitive data. 
  • Service Disruption – they want to cause chaos or damage public trust.

SOCI Act 2018 

To counter these threats, Australia put the Security of Critical Infrastructure Act 2018 (SOCI Act) into play. This law helps to defend against sabotage, espionage, and coercion by covering 22 asset classes across 11 sectors, including food, utilities, education, and healthcare, emphasizing a broad approach to safeguarding national security. 

Key Aspects of the SOCI Act 

  • Register of Critical Infrastructure Assets to track and manage critical assets across Australia. 
  • Mandatory Cyber Incident Reporting for entities to report significant cyber incidents promptly. 
  • Government Assistance provided when entities cannot effectively respond to threats. 
  • Enhanced Information Gathering by the Secretary of the Department of Home Affairs to support protective efforts. 
  • Directive Powers for the Minister for Home Affairs to mandate actions for mitigating national security risks. 

SLACIP Act 2022 

The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) enhances the SOCI Act by: 

  • Requiring entities to actively manage cybersecurity risks. 
  • Enhanced cyber security obligations for operators of nationally significant systems with stricter cybersecurity practices. 

The SLACIP Act makes risk handling, staying prepared, and being resilient part of the everyday routine for those managing critical infrastructure. It also improves how businesses and the government share information about threats. 

How To Make the Best of the Legislation 

To turn laws like the SOCI and SLACIP Acts into benefits, it’s key to blend them smoothly into your cybersecurity plan. 

  1. First, understand how these laws affect your operations and compliance duties. 
  2. Identify what threats your infrastructure faces and where you’re vulnerable. 
  3. Tailor cybersecurity controls to mitigate identified risks, focusing on technology, procedures, and training. 
  4. Regularly review and update your cybersecurity approach to stay ahead of threats. 

Simplifying compliance and enhancing security doesn’t have to be daunting. Contact Us 24/7 to guide you through understanding legislation impacts, spotting risks, and enforcing cybersecurity measures. 

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →