The physical and digital security of a nation’s critical infrastructure is necessary for its citizens, commerce and their public and private owners’ to conduct successful business transactions. A complicating factor towards this security is the multi-jurisdictional nature of some critical infrastructure assets e.g., telecommunications or financial systems. Information systems and information technology are playing an ever more important role in the security of a nation’s (state, territory, or province’s) critical infrastructure. This longitudinal study investigates public sector critical infrastructure incidents across nine sectors in an Australia state - New South Wales. The New South Wales state government is the largest by full-time employees in Australia. An action research methodology was employed. Data was collected by online survey, complemented by interviews and secondary data searches. Results were reinforced from independent sources. Our main finding is that information system security incidents against critical infrastructure assets are significantly decreasing as prevention techniques and solutions are increasingly becoming available.