Agilient Security Consultants Australia


Critical Infrastructure Protection Reform


In earlier months, the Australian government promoted the Security Legislation Amendment Bill 2020. This legislation provides guidelines to protect the Critical Infrastructure assets of Australia. This is crucial, as the sectors defined as Critical Infrastructure (CI) include Electricity, Communications, Transport and Banking.

The previous Security of Critical Infrastructure Act 2018 covered the areas of Electricity, Water, Gas and Ports. With this new reform, however, the term Critical Infrastructure has been expanded to include Communication Services, Financial Markets, Data Storage or Processing, Defence, Higher Education and Research, Energy, Food and Grocery, Health Care and Medical, Water and Sewerage, Space Technology and Transport. There are three prominent features to this new amendment bill:

  1. Positive Security Obligations: providing Critical Infrastructure Asset Registers, Risk Management Plans and cyber incident reporting, which can only be activated for a sector following consultation with affected entities.
  2. Enhanced Cybersecurity Obligations: implementing the latest security measures.
  3. Government Assistance: to respond to cyber-attacks on Critical Infrastructure assets.

Critical Infrastructure Reforms

Table 1: Applications of Reforms (via https://www.homeaffairs.gov.au/)

Implementation of Critical Infrastructure Protection

The benefit of this new amendment bill is that the government will be able to work alongside the private sector and regulatory bodies to provide the most balanced form of cyber risk management and incident response possible.

The implementation of this amendment will start in January 2021. Based on consultation with private entities and field experts, the table below shows the implementation details.

IMPLEMENTATION PHASE

Element of legislation: Critical Infrastructure Asset

Detailed outline of element:
Definitions of critical infrastructure assets are:

  1. set out entirely in the Bill
  2. identifiers set out in Bill with further specifics to be established through rules, or
  3. privately declared by the Minister.

Further industry consultation through implementation phase:

● Where definitions rely on further specifics being established through rules, those rules will be made following commencement of the legislation drawing on feedback from industry.
● Entities must be consulted before a private declaration of an asset is made.

Element of legislation: Positive Security Obligations

Detailed outline of element:

  1. Report information to the Register – obligations will continue as they currently exist in the Act.
  2. Report cyber security incidents – obligations entirely in the Bill.
  3. Maintain a Risk Management Program – high level obligations in Bill to be supported by requirements in the rules.

Further industry consultation through implementation phase:

● Sector to be consulted prior to any of the obligations being switched on.
● Co-design of sector-specific rules and guidance to support the Risk Management Program to occur progressively from early 2021.
● Four week consultation prior to rules being made.
● Guidance and advice to be provided on Register and cyber incident reporting obligations.

Element of legislation: Systems of National Significance

Detailed outline of element:

● Critical infrastructure assets that are of national significance noting interdependencies across key sectors in the economy and consequences should the asset be impacted.

Further industry consultation through implementation phase:

● Privately declared by the Minister subject to legislative criteria being met and direct consultation with the entity.
● Guidance to be developed and provided to entities declared to be a system of national significance.
● Entity may seek review of a declaration should circumstances change.

Element of legislation: Enhanced Cyber Security Obligations

Detailed outline of element:

  1. Incident Response Plan
  2. Cyber Exercises
  3. Vulnerability Assessments
  4. Access to System Information

Further industry consultation through implementation phase:

● Consultation required with the entity prior to issuing notices for any of these obligations.

Element of legislation: Government Assistance

Detailed outline of element:

  1. Information gathering directions
  2. Action directions
  3. Intervention requests

Further industry consultation through implementation phase:

● Further guidance to be provided to industry on how and when these powers may be used.
● Consultation with affected entities to occur prior to authorisations being made.

Contact us at Agilient for consultation regarding updating your cybersecurity strategies and plans in line with the latest industry standards.

Author: Saeed Baayoun, Agilient Consultant

Copyright © 2021 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692