The Government has released an exposure draft bill containing further changes to the Security of Critical Infrastructure Act 2018. This draft bill expands the changes made by Security Legislation Amendment (Critical Infrastructure) Act 2021 which made it possible for financial services to be declared a critical infrastructure.
It imposes enhanced cyber security obligations that relate to systems of national significance, the requirement for a critical infrastructure risk management program, reporting to the Register of Critical Infrastructure Assets and mandatory cyber security incident reporting.
The Government has also released an exposure draft of the Rules under the Security of Critical Infrastructure Act 2018.
These rules set out the circumstances in which specified critical infrastructure assets are required to:
* provide ownership and operational information to the Register; and
* provide reports about cyber incidents to the Australian Cyber Security Centre .
Each aspect of the positive security obligations will only apply once a rule is made in relation to that aspect for a critical infrastructure asset or class of critical infrastructure assets. The rules prescribe which aspects are ‘switched on’ for a critical infrastructure asset or class of critical infrastructure assets.
If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.
Author: David Jacobson
Principal, Bright Corporate Law
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.