No one will argue that the cyber threat landscape is changing rapidly for the worse.
We have seen an increasing number of attacks on critical infrastructure lately. Motivations for these attacks vary from financial gain to nation state attacks with the aim of causing damage and destruction to another nation.
The Australian government has responded to this new threat by proposing the Security Legislation Amendment (Critical Infrastructure) Bill 2020 to bolster the Security of Critical Infrastructure Act 2018 (SOCI Act).
The Bill has subsequently been split into two now. Bill One is designed to deal with immediate threats which has now been passed into law. Bill Two is basically now designed to deal with what are deemed the less urgent elements and is yet to be passed.
The Bill as a Framework
The Bill introduces the following key concepts:
- Requiring notification of cyber security incidents
- Requiring certain entities relating to a critical infrastructure asset to provide information in relation to the asset, and to notify if certain events occur in relation to the asset
- Setting up a regime for the Commonwealth to respond to serious cyber security incidents
- The keeping of a register of information in relation to critical infrastructure assets
- Requiring the responsible entity for one or more critical infrastructure assets to have, and comply with a critical infrastructure risk management program
- Imposing enhanced cyber security obligations that relate to systems of national significance
- Allowing the minister to require certain entities relating to a critical infrastructure asset to do, or refrain from doing, an act or thing if the minister is satisfied that there is a risk of an act or omission that would be prejudicial to security
- Allowing the Secretary to require certain entities relating to a critical infrastructure asset to provide certain information or documents
- Allowing the secretary to undertake an assessment of a critical infrastructure asset to determine if there is a risk to national security relating to the asset.
Having discussed what the Bills include, the rest of this paper elaborates on the key elements contained within the Bills.
Definitions of Critical Infrastructure and Critical Infrastructure Assets
To continue reading, please download our whitepaper below:
For more information on how RSM can help you with the Critical Infrastructure Act 2018 (SOCI Act):