Share this article on:
Expanding the definition of critical infrastructure and the introduction of an incident reporting regime are among new cyber security reforms introduced into parliament.
The Coalition government has tabled reforms to the Security Legislation Amendment (Critical Infrastructure) Bill 2020, designed to improve nationwide responses to cyber attacks on critical infrastructure.
Reforms include the provision of government assistance to industry as a last resort – subject to “appropriate limitations”.
According to Minister for Home Affairs Karen Andrews, emergency assistance or directions would be provided immediately before, during or after a significant cyber security incident to “mitigate and restore essential services”.
“These emergency measures will only apply in circumstances where a cyber attack is so serious it impacts the social or economic stability of Australia or its people, the defence of Australia or national security and industry is unable to respond to the incident,” the minister added.
Other reforms include the introduction of a cyber-incident reporting regime for critical infrastructure assets and expanding the definition of critical infrastructure.
If the proposals are ratified, the expanded definition would include:
Minister Andrews said the amendments are priority areas for the government, forming part of a broader push to bolster cyber resilience.
“The Morrison government is committed to protecting Australia’s critical infrastructure to secure the essential infrastructure and services all Australian’s rely on – everything from electricity and water to health care and groceries,” Minister Andrews said.
“Recent cyber attacks and security threats to critical infrastructure, both in Australia and overseas, make these reforms critically important.
“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world.”
The minister also noted the importance of strengthening collaboration between public and private sector stakeholders.
“Attacks on our critical infrastructure require a joint response, involving government, business and individuals, which is why we are asking critical infrastructure owners and operators to help us help them by reporting cyber incidents to the Australian Cyber Security Centre.
“Implementing these reforms now will allow the government to continue to work with critical infrastructure entities to develop supporting rules to ensure that the second phase of reforms is implemented in a manner that secures appropriate outcomes without imposing unnecessary or disproportionate regulatory burden.”
The introduction of these new amendments come just a week after the government proposed new criminal offences, tougher penalties and a mandatory reporting regime as part of a new and comprehensive Ransomware Action Plan.
Proposals include:
The government also plans to develop a mandatory ransomware incident reporting regime for businesses with a turnover exceeding $10 million per annum.
[Related: Tough new laws to protect Australians against ransomware]
News Editor – Defence and Security, Momentum Media
Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres