This paper examines the threat of freely available information on critical infrastructure protection (CIP) efforts. Critical infrastructure are the services required to maintain the stability and security of a country, and comprise both physical and cyber infrastructures. These interdependent entities must be protected from natural disasters, accidental errors, and deliberate attacks. The CIP process typically includes vulnerability assessment, risk assessment and risk management, and has been a global concern for many years; the concern now amplified in Australia due to a number of recent events such the 9/11 attacks, and the Bali bombings. The events have called into question the role of information and communication technologies (ICTs) in both preventing, and aiding such activities. ICTs, primarily the Internet, provide a means of gathering public data. Public data refers to ‘sensitive but unclassified’ information; that is, information that may not on its own appear harmful, but when compiled with other data can be truly revealing about an individual or critical infrastructure. The paper presents the risk of ‘sensitive but unclassified’ data being available in the public arena (on the CIP process). There is an evident need for increased awareness of this issue throughout Australia. Additionally, further research must be conducted into the topic, in an attempt to achieve a balance between providing data publicly and restricting access in the interest of national security.