Security of Critical Infrastructure Act 2018 (SOCI Act) – A Brief Overview


No one will dispute that the cyber threat landscape is changing rapidly for the worse.

We have seen an increasing number of attacks on critical infrastructure lately. Motivations for these attacks vary from financial gain to nation-state attacks with the aim of causing damage and destruction to another nation.

The Australian government has responded to this new threat by proposing the Security Legislation Amendment (Critical Infrastructure) Bill 2020 to bolster the Security of Critical Infrastructure Act 2018 (SOCI Act).

The Bill has subsequently been split into two. Bill One, which is designed to deal with immediate threats, has now been passed into law. Bill Two is designed to deal with what are deemed the less urgent elements and is yet to be passed.


The Bill as a Framework

The Bill introduces the following key concepts:

Bill One:

  • Requiring notification of cyber security incidents
  • Requiring certain entities relating to a critical infrastructure asset to provide information in relation to the asset, and to notify if certain events occur in relation to the asset
  • Setting up a regime for the Commonwealth to respond to serious cyber security incidents

Bill Two:

  • The keeping of a register of information in relation to critical infrastructure assets
  • Requiring the responsible entity for one or more critical infrastructure assets to have, and comply with, a critical infrastructure risk management program
  • Imposing enhanced cyber security obligations that relate to systems of national significance
  • Allowing the Minister to require certain entities relating to a critical infrastructure asset to do, or refrain from doing, an act or thing if the Minister is satisfied that there is a risk of an act or omission that would be prejudicial to security
  • Allowing the Secretary to require certain entities relating to a critical infrastructure asset to provide certain information or documents
  • Allowing the Secretary to undertake an assessment of a critical infrastructure asset to determine if there is a risk to national security relating to the asset.

Having discussed what the Bills include, the rest of this paper elaborates on the key elements contained within the Bills.


Definitions of Critical Infrastructure and Critical Infrastructure Assets


To continue reading, please download our whitepaper below:

 

Download our whitepaper on definitions of Critical Infrastructure and Critical Infrastructure Assets

 


Authors

Ashwin Pal
Partner - Sydney