Financial services now a national critical infrastructure

The Security Legislation Amendment (Critical Infrastructure) Bill 2020 has been passed by both houses of parliament and is awaiting Royal Assent.

UPDATE: Assent given on 2 December 2021.

The purpose of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 is to amend the Security of Critical Infrastructure Act 2018 to introduce an enhanced regulatory framework, building on existing requirements under the Act following concerns about cyber attacks which cause disruption to our economy and security.

The amendments in this Bill expand the Act’s coverage to financial services and markets as well as the following sectors: communications; data storage and processing; defence industry; higher education and research; energy; food and grocery; health care and medical; space technology; transport; and water and sewerage.

The Bill gives effect to this framework by introducing:
• government assistance to relevant entities for critical infrastructure sector assets in response to significant cyber attacks that impact on Australia’s critical infrastructure assets.
• additional positive security obligations for critical infrastructure assets, including a risk management program, to be delivered through sector-specific requirements, and mandatory cyber incident reporting;
• enhanced cyber security obligations for those assets most important to the nation, described as systems of national significance; and
• additional critical infrastructure assets, which means that the existing powers under the Act, and the new powers to be introduced under this Bill, will apply to a broader range of assets.

This framework will apply to owners and operators of critical infrastructure regardless of ownership arrangements.

The positive security obligations involve two aspects:
• mandatory reporting of serious cyber security incidents to the Australian Signals
Directorate (in the Australian Cyber Security Centre, or ACSC); and
• where required, providing ownership and operational information to the Register of Critical Infrastructure Assets.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

Print Friendly, PDF & Email

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.