ITCSAU - Advising Sovereignty in a Digital Age

The Sovereign Talent Bottleneck: Security Mandates Outrun Capability

Australia's critical-infrastructure build-out assumes a cleared, onshore engineering workforce the country does not produce. Boards face a structural deficit they cannot hire away.

By Marc Mendis

In Brief

No statute tells boards to hire only Australian citizens. Yet security clearances, the Hosting Certification Framework, Defence supply-chain rules and sovereignty-driven procurement converge on cleared, onshore cohorts for the systems that matter most. The pool of citizen, clearance-eligible specialists is far too small for the grid and AI build-out under way. The answer is architectural. Boards must design systems that depend on fewer cleared hands.

The trap is not the law most boards think it is

Many directors assume the Security of Critical Infrastructure Act compels them to construct critical systems with Australian citizens, when the legislation imposes no such obligation. Through the risk-management rules introduced by SLACIP, it requires operators to identify their critical workers and to assess their suitability before granting access to sensitive components. It further requires them to manage personnel and supply-chain exposure as far as reasonably practicable. Citizenship appears nowhere in the legislation.

The citizenship and onshore pressure originates in the regime assembled around the Act. Security clearances administered by the vetting agency ordinarily require Australian citizenship. The Hosting Certification Framework obliges certified hosting and cloud providers to restrict sensitive access to appropriately cleared personnel, and it governs whether support is delivered onshore. Defence supply-chain engagements carry their own clearance conditions. Procurement functions then codify these expectations contractually, producing a de facto mandate that no individual statute actually imposes.

49% of Australia's technology workforce was born overseas, narrowing the pool eligible for the clearances critical-infrastructure work increasingly demands (ACS Digital Pulse, 2024)

This clarifies the real problem. The duty is suitability and risk, not nationality. Framed as recruiting citizens, the task pursues a labour market incapable of supplying the numbers. Framed as governing cleared access, the demand becomes a design choice the board controls.

Why the cleared pool is too small to staff the build-out

Australia is reconstructing its grid and establishing sovereign compute simultaneously, and both initiatives draw on the same constrained bench. The Australian Energy Market Operator’s 2024 workforce projections anticipate electricity-sector shortages, accompanied by wage escalation and protracted recruitment.

Engineers Australia reported in 2023 that demand was outstripping supply, with clean energy and power systems among the most constrained disciplines. The same analysis found that 55.8 per cent of people employed in engineering occupations were born overseas.

The demand side is no less severe, since the grid transition alone necessitates thousands of additional electrical and power-systems professionals this decade, on the Australian Energy Market Operator’s projections. Data-centre operators simultaneously compete for the cleared architects capable of commissioning sovereign compute. Two national programmes of the highest priority now draw on a single bench that was never scaled for either independently, let alone both concurrently.

Specialisation is the dimension that does not scale. The cleared generalist who qualifies within months is not the binding constraint. The grid-ready power-systems engineer who comprehends protection schemes, inverter dynamics and system strength requires the better part of a decade to develop. The same applies to the architects who can secure a sovereign compute cluster end to end. These are precisely the specialists every operator requires within the same window, and the bench was already depleted before construction commenced.

[Figure: The cleared specialist pool collapses at every filter. Australia's tech and engineering workforce, narrowed by citizenship, clearance and specialisation. Stages shown: tech & engineering workforce; citizens (estimate), ~44%; citizen + clearance-eligible, ~30%*; grid-ready, cleared specialists, low hundreds / year*, where build-out demand sits. * Directional estimate. No public series isolates clearance-eligible, grid-ready specialists. Sources: ACS Digital Pulse 2024; Engineers Australia 2023.]

Applying the clearance filter compounds the contraction at every stage, as the funnel above illustrates. The Australian Computer Society has projected a shortfall exceeding 20,000 cyber professionals by 2030, and the deficit widens with each year the domestic pipeline fails to keep pace.

Remuneration reflects the identical pressure, with engineering salaries rising 3.9 per cent in the year to June 2024, on Professionals Australia figures, before the premium an active clearance commands.

The clearance process intensifies the difficulty. A vetting decision for higher access routinely consumes many months, so even a citizen recruit cannot access the most sensitive systems immediately. An operator that loses a cleared engineer forfeits the lead time required to render any replacement productive. In a market where every operator recruits from the same bench, that delay converts ordinary attrition into schedule risk on nationally significant projects.

The shadow workforce is the predictable failure

When delivery milestones collide with a bench this constrained, the deficit tends to be remediated discreetly, and rarely in a manner that withstands close inspection. Work contracted as onshore is executed by offshore teams accessed through subcontractors and labour-hire arrangements, with the cleared name on the contract while the keyboard resides elsewhere. This reintroduces the personnel risk the risk-management rules exist to contain, through the back door of a programme that appears compliant on paper.

The tell is in the timezone. One pattern recurs throughout delivery reviews. Contributions cluster in the small hours of Australian time, code is authored under identities that never appear on a call, and support tickets return with a consistent overnight latency. None of it demonstrates wrongdoing in isolation, yet collectively it describes work occurring somewhere the contract never specified, and assurance the board cannot credibly substantiate.

Compliance by appearance

A contract that guarantees onshore, cleared delivery while the work occurs elsewhere creates a control the board cannot evidence under examination. International security agencies, including the United States Department of Justice and the FBI, have prosecuted schemes that employed fabricated identities to embed offshore workers within trusted technology teams. That constitutes an unmonitored route into the systems the entire regime was established to protect.

Few boards have examined this closely. Provenance is seldom tracked beneath the vendor’s assurance letter, and labour-hire structures are engineered to obscure who performed the work. The opacity remains comfortable until a regulator’s enquiry converts it into the board’s problem, by which point remediation is costly and the forfeited trust is slow to rebuild.

What boards should do about it

No recruitment programme resolves a national structural deficit, so responsibility shifts to design and governance, and the contrast below frames the decision. The three interventions that follow convert an unwinnable recruitment contest into decisions a board can make and monitor. Each expands or protects effective capacity, rather than competing for a larger share of the same constrained pool.

Two responses to the same constraint

Recruit harder
  • Bid up salaries for the same small cohort
  • Wait months for a clearance on every hire
  • Carry a single point of failure in each cleared role
  • Fill milestone gaps through opaque labour-hire chains

Redesign the demand
  • Cut the cleared headcount each system requires
  • Share scarce specialists across the sector
  • Attest onshore delivery down to the commit
  • Make ordinary attrition survivable by design

The left column describes where most organisations currently operate, and it deteriorates gradually, one slipped milestone and one departed specialist at a time. Salaries escalate, timelines slip, and dependence on a handful of irreplaceable individuals intensifies with every project the organisation cannot resource from its own bench. The right column treats cleared capacity as the scarce input it genuinely represents, and architects the organisation around that scarcity rather than awaiting a market that will not clear.

Three moves that change the capacity equation

Action | Owner | Timeline | Priority
Design critical systems for isolation and lower complexity so fewer cleared specialists can safely run more of the estate | CTO with architecture | Next build or refresh | high
Join shared sovereign engineering arrangements instead of bidding against peers for the same specialists | CEO with sector peers | 6-12 months | high
Verify onshore delivery with provenance down to the code commit on sensitive systems | CISO with CPO | Next procurement cycle | critical

Consolidate the scarce capacity. This intervention is the most foreign to a competitive instinct. In practice it manifests as cleared-talent syndicates across operators within the same sector, alongside shared secondment pools for periods of peak demand. Joint training pipelines can then produce specialists more rapidly than any single firm could justify financing independently.

Competitors continue to compete on product and price, yet they cease cannibalising one another for the same forty engineers, a contest that merely redistributes the shortage and inflates everyone’s cost.

Attest to the commit. This is the intervention boards underestimate, and it entails signed contributions tied to cleared, verified identities, with access that is geo-fenced and logged. An audit trail then enables a probity reviewer to follow the work without relying on the vendor’s assurance. The tooling already exists within modern development pipelines, so what is typically absent is the contractual requirement to enable it, and the board mandate to confirm that someone did.
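
One way a probity reviewer could test both signals described in this article, the small-hours clustering and the tie between each signed commit and a cleared identity, shown as an added example that is not from the article or any operator's tooling. The log rows, key fingerprints, cleared-key register and the fixed UTC+10 offset are constructed assumptions; the format placeholders are standard `git log` ones.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample rows, in the shape produced by
#   git log --format='%H|%G?|%GF|%ae|%aI'
# %G? = signature status (G good, N none), %GF = signing-key fingerprint,
# %aI = author date. Hashes and fingerprints are shortened placeholders.
SAMPLE_LOG = """\
a1f3|G|AAAA1111|dev1@example.test|2024-05-06T10:15:00+10:00
b2e4|G|AAAA1111|dev1@example.test|2024-05-07T14:40:00+10:00
c3d5|N||dev2@example.test|2024-05-07T17:05:00+00:00
d4c6|G|FFFF9999|dev2@example.test|2024-05-08T18:30:00+00:00
e5b7|G|BBBB2222|dev3@example.test|2024-05-08T16:45:00+00:00
f6a8|G|BBBB2222|dev3@example.test|2024-05-09T17:20:00+00:00
"""

# Hypothetical register: signing-key fingerprint -> cleared, verified identity.
CLEARED_KEYS = {"AAAA1111": "dev1@example.test", "BBBB2222": "dev3@example.test"}
AEST = timezone(timedelta(hours=10))  # assumption: fixed UTC+10, no daylight saving
SMALL_HOURS = range(0, 6)             # assumption: 00:00-05:59 Australian time

def parse(log):
    """Turn pipe-delimited git log rows into dicts with a parsed author date."""
    fields = ("sha", "status", "fpr", "email", "when")
    for line in log.strip().splitlines():
        row = dict(zip(fields, line.split("|")))
        row["when"] = datetime.fromisoformat(row["when"])
        yield row

def attestation_failures(commits):
    """Map commit -> reason its signature does not tie to a cleared identity."""
    failures = {}
    for c in commits:
        if c["status"] != "G":
            failures[c["sha"]] = "no good signature"
        elif c["fpr"] not in CLEARED_KEYS:
            failures[c["sha"]] = "signing key not in cleared register"
        elif CLEARED_KEYS[c["fpr"]] != c["email"]:
            failures[c["sha"]] = "key registered to a different identity"
    return failures

def small_hours_share(commits):
    """Per-author fraction of commits authored in the small hours (AEST).
    Author dates are set by the author's machine: a review prompt, not proof."""
    total, late = Counter(), Counter()
    for c in commits:
        total[c["email"]] += 1
        late[c["email"]] += c["when"].astimezone(AEST).hour in SMALL_HOURS
    return {author: late[author] / total[author] for author in total}
```

In the sample, one author's commits are all validly signed by a cleared key yet all fall in the small hours, which is the kind of case that calls for a follow-up question, not a finding.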

Consider a major electricity transmission operator we advised through a control-system upgrade spanning roughly two thousand field assets. Its plan assumed a cohort of cleared specialists it had costed but never confirmed it could clear in time. We mapped each subsystem to the cleared headcount it genuinely required, and two designs demanded three scarce engineers each where a simpler, better-isolated architecture required only one.

The roadmap did not change, yet the count of irreplaceable personnel fell by almost half. The board’s task now is to commission that same mapping across every critical system before the next budget cycle closes.

Cleared engineering capacity is scarce infrastructure. The operators that count it, design around it, share it, and verify it will keep building through the decade of grid and AI work ahead.

Questions for Leadership

For each critical system we operate, how many citizen, clearance-eligible specialists does its design actually require, and where is that number indefensible?

Cleared capacity is the real constraint. A board that has never counted the cleared headcount its architecture demands cannot know which systems are one resignation away from stalling.

Where have we written "onshore" or "cleared" into contracts, and can we evidence that the work is actually delivered that way?

A clause that says onshore and a delivery that is not creates a control the board cannot stand behind, and reintroduces the personnel risk the risk-management rules exist to contain.

Are we competing against our own sector for the same tiny specialist pool, or pooling that capacity through shared arrangements?

Bidding wars inflate cost without adding a single engineer to the national total. Shared reserves are one of the few moves that expand effective capacity rather than redistribute it.

Which of our roadmap milestones quietly assume talent we have not secured and cannot clear in time?

Milestones built on uncleared or unavailable specialists are schedule risk disguised as a plan. Naming the assumption early is cheaper than discovering it at go-live.

Can we verify, down to the code commit, that development on our most sensitive systems happened where our contracts say it did?

Sovereignty attestation that stops at the vendor's letterhead is not assurance. Commit-level provenance is the difference between a claim and a control.

The Bottom Line

Treat cleared engineering capacity as scarce infrastructure. Count the citizen, clearance-eligible specialists each critical system genuinely needs, redesign the ones that need too many, and share that capacity across the sector. Then verify, down to the commit, that onshore work is genuinely onshore.

Frequently Asked Questions

Does the SOCI Act legally require an Australian-citizen-only workforce?

No. The Security of Critical Infrastructure Act, through the risk-management program rules introduced by SLACIP, requires operators to identify their critical workers, assess suitability before granting access, and manage personnel and supply-chain risk as far as reasonably practicable. Nothing in that text bans a foreign engineer or mandates onshore delivery. The citizen-and-onshore pressure comes from the regime stacked around the Act. Security clearances, the Hosting Certification Framework, Defence supply-chain rules and procurement teams writing sovereignty expectations into contracts all push the same way. Boards should manage the actual obligation, which is suitability and risk management.

Why do security clearances narrow the talent pool so sharply?

Clearances through the vetting agency normally require Australian citizenship, so permanent residents and visa holders are excluded before assessment even begins. That filter bites hard in technology and engineering, where the overseas-born share runs far above the national average. The Australian Computer Society reported in 2024 that 49 per cent of the technology workforce was born overseas, and Engineers Australia put the overseas-born share of engineering occupations at 55.8 per cent in 2023. When a role demands both deep specialisation and a clearance, the eligible pool collapses to a fraction of an already stretched market.

Is "fewer than a hundred specialists a year" a real figure?

Treat it as a directional estimate rather than a published statistic. No public dataset isolates Australian-citizen, clearance-eligible, grid-ready power-systems engineers, and the equivalent claim for AI specialists is harder to defend nationally. What the evidence supports is direction and scale. Engineers Australia lists clean energy and power systems among the most stretched fields, and the Department of Education's broad domestic completion counts mix citizens, permanent residents and others without isolating the narrow specialisms grids need. The defensible statement is that the cleared specialist pipeline is measured in low hundreds a year.

How real is the "shadow workforce" risk?

It is a risk pattern to govern against rather than a documented epidemic. Little public reporting proves systemic offshore development disguised through local fronts. What is documented is the mechanism. International security agencies, including the United States Department of Justice and the FBI, have charged operations that used fabricated identities to place offshore workers inside trusted technology teams. When milestones collide with a thin talent pool, the temptation to fill the gap quietly grows, and labour-hire chains make the keyboard's true location hard to see. Boards should build provenance controls before an incident forces the question.

If a board cannot recruit its way out, what actually works?

Three moves change the maths. First, reduce the cleared headcount the architecture demands by designing for isolation and lower complexity, so fewer specialists can run more of the estate safely. Second, pool scarce capacity through shared sovereign engineering arrangements rather than bidding against peers, which expands effective capacity instead of redistributing it. Third, attest onshore delivery down to the commit, turning a contractual claim into an auditable control. None is fast. Together they convert an unwinnable hiring race into a design and governance problem the board can steer.
