23 February 2021
4 min read
#Transport, Shipping & Logistics, #Data & Privacy
Published by:
In 2018, the Critical Infrastructure Act 2018 (Cth) came into force (Act). The Act is part of the Commonwealth government’s focus on ensuring the protection of critical infrastructure from cyber threat.
The Act requires the establishment and maintenance of a register setting out the ownership of critical infrastructure assets, a government information request power, and a limited directions power enabling the Home Affairs Minister to direct owners and operators of critical infrastructure assets to take action to mitigate against national security risks if they do not already do so to the government's satisfaction.
Presently, the Act applies only to electricity, gas, ports, and water assets that meet certain criteria.
However, as part of Australia’s Cyber Security Strategy 2020, it is proposed to expand the application of the Act to many other sectors, relevantly for our readers including:
The proposed amendments will dramatically extend the assets to which the Act applies. The broad reach of the proposed reforms reflects the government's view of the importance of these sectors, and that if such sectors were impacted by a cyber-related incident, this has the potential to significantly impact one or more of the social and economic wellbeing of Australians and national security.
Not all entities that own or operate assets in the expanded range of sectors will be regulated in the same way. The consultation paper suggests that:
In addition, the consultation paper speculates about additional powers, including the ability for the government to declare an 'emergency' in the event an immediate and serious cyber threat is identified, as well as the ability to take direct action to protect critical infrastructure in the 'national interest' if an emergency is declared.
Businesses in the above sectors should keep up-to-date with the proposed amendments and consider putting in submissions on the proposed laws, to ensure that any additional regulatory requirements imposed on them are commensurate with the sensitivity of their operations.
Author: Nathan Cecil
Disclaimer
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this article is accurate at the date it is received or that it will continue to be accurate in the future.
Published by: