Australia has been facing an increase in cyber security threats to essential services, businesses, and all levels of government. In recent years we have seen cyber-attacks on federal Parliamentary networks, logistics, the medical sector and universities. While owners and operators of critical infrastructure are best placed to deal with such threats, it takes a team effort to bring about lasting change. For this reason, the ongoing security and resilience of this type of infrastructure must be a shared responsibility, owned by both the government and the owners of the infrastructure.
The Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 (otherwise referred to as ‘the Bill’) requires managers of assets in “critical infrastructure sectors” to develop, implement and update Risk Management Plans.
Purpose Of The Bill
The Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 requires that:
- Responsible entities from critical infrastructure adopt, maintain and comply with a critical infrastructure risk management program.
- Responsible entities provide a report to governments where the assets are not covered by an infrastructure risk management program.
- Entities be allowed to conduct a thorough background check on their employees.
- The minister be allowed to privately declare assets to be systems of national significance (SoNS).
- Enhanced cyber security regulations be imposed on entities responsible for SoNS, including undertaking cyber security exercises and vulnerability assessments.
- A cyber security incident response plan be prepared.
Who Will The Bill Apply To?
According to Part 2A of the Act, the Bill will apply to:
- critical electricity assets
- critical energy market operator assets
- critical gas assets
- critical liquid fuels assets
- critical water and sewerage assets
- critical financial market infrastructure assets that are a critical payment system
- critical data storage or processing assets
- critical hospital assets
- critical domain name system assets
- critical broadcasting assets
For more information on the Bill, and how its implementation may affect your organisation, contact us.
Author: Mahdi Kobeissi, Cyber Security Consultant