Legislation

The Security Legislation Amendment (Critical Infrastructure) Bill 2020

11 sectors now deemed critical infrastructure

Electricity and Gas, Ports, Transport, Defence, Communications, Higher Education & Research, Water, Healthcare, Food & Grocery, Data Storage & Processing, Finance & Insurance.

The initial 2018 legislation set out to achieve three things:

  1. Give government visibility as to who owns and controls critical infrastructure assets

  2. Enable additional information to be obtained, if required, via ASIO audit

  3. Notify and update government of any changes

The 2020 legislation added:

  • A critical infrastructure risk management program

  • An obligation on owners to notify government of any cyber security incidents

  • A government right to “step in” to address the situation if in the national interest


Obligations

What does this all mean for owners of critical infrastructure assets?

They will now have to meet two obligations:

  1. Assess, audit and develop your critical infrastructure plan and cyber security posture. Non-compliance: $44,000 fine.

  2. Lodge an annual report with the government on the status of your risk management program. Non-compliance: $33,000 fine.