The Security Legislation Amendment (Critical Infrastructure) Bill 2020
11 sectors now deemed critical infrastructure:
Electricity and Gas, Ports, Transport, Defence, Communications, Higher Education & Research,
Water, Healthcare, Food & Grocery, Data Storage & Processing, Finance & Insurance.
The initial 2018 legislation set out to achieve three things:
- Give government visibility of who owns and controls critical infrastructure assets
- Enable additional information to be obtained, if required, via ASIO audit
- Notify and update government of any changes
The 2020 legislation added:
- A critical infrastructure risk management program
- An obligation on owners to notify government of any cyber security incidents
- A government right to “step in” to address the situation if in the national interest
Obligations
What does this all mean for owners of critical infrastructure?
They will now have to undertake 2 obligations:
- Assess, audit and develop your critical infrastructure plan and cyber security posture. Non-compliance: $44,000 fine.
- Lodge an annual report with the government on the status of your risk management program. Non-compliance: $33,000 fine.