The Morrison Government has today introduced into Parliament the second stage of the Australian Government’s critical infrastructure reform package.
The Security Legislation Amendment (Critical Infrastructure Protection) Bill will better protect Australia’s critical infrastructure and the essential services all Australians rely on from cyber-attacks – everything from our electricity and water, to health and medical care, to transport and groceries.
Minister for Home Affairs Karen Andrews said the reforms will give all Australians assurance that our essential services are resilient and protected from threats.
“In a world of rapidly evolving challenges, Australia is increasingly facing cyber security threats to essential services, businesses and government,” Minister Andrews said.
“The best approach to protecting our critical infrastructure from attack is partnership between business and Government to ensure the businesses that provide essential services to Australians can be resilient and respond to evolving threats.
“Our sovereignty, economy and security depends on protecting our critical sectors including water and sewerage, financial services, food and grocery, energy and other sectors that sustain our prosperous way of life.”
The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our security, economy and sovereignty.
The reforms outlined in the Bill include:
- A Risk Management Program requiring owners and operators to manage the risk of hazards that affect the delivery of our essential services; designed with industry and building on existing regulatory frameworks, where possible.
- Enhanced Cyber Security Obligations for owners and operators of assets most critical to the nation (our Systems of National Significance) – centred on a strengthened relationship with government.
- Improved information sharing provisions to make it easier for regulated entities and governments to share information as needed to comply with their obligations.
The Government has agreed to exempt the food and grocery and transport sectors from the Risk Management Program requirements until at least 1 January 2023, given the disruptions both industries have suffered due to the pandemic.
“This strikes the balance between protecting Australia’s most important critical infrastructure assets, while at the same time ensuring our economic recovery from the pandemic,” Minister Andrews said.
The introduction of these reforms follows extensive public consultation and ongoing engagement with critical infrastructure providers. The Government has made more than 70 amendments to the Bill, reflecting feedback received through consultations including submissions to the Exposure Draft of the Bill and those submissions provided to the Parliamentary Joint Committee on Intelligence and Security in their committee inquiry process.
These reforms will strengthen Australia’s ability to manage and respond to security risks across critical infrastructure sectors. It is vital we work with critical infrastructure owners and operators to protect essential services vital to the security and prosperity of Australia.
“These measures send a clear message to anyone considering interfering with our critical infrastructure or our way of life,” Minister Andrews said.
“It is vital that we continue to work closely with industry to build consumer and investor confidence in the resilience of the essential services that underpin our economy.”
The reforms build on the cyber protection and assistance measures legislated in November last year.