Share this article on:
Understanding the security regulations and cybersecurity challenges impacting Critical Infrastructure and solutions to fast track compliance.
In an effort to increase its security posture, Australia has introduced the Australian Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act). It amends the Security of Critical Infrastructure Act 2018 (SOCI Act), and Systems of National Significance (SoNS) regulations. The regulations look to improve resilience and risk management practices of the Critical Infrastructure sector and facilitate the secure sharing of information between these organisations and the government. This article outlines what is required for compliance as well as solutions to help you quickly implement the security mechanism required.
The SLACIP Act and SoNS legislation require Critical Infrastructure providers and those managing Systems of National Significance to meet specific requirements for data management, security and protection. SLACIP also expands the scope of organisations that are deemed critical infrastructure.
Under SLACIP, the general obligations for all Critical Infrastructure providers include the ability to:
Additional obligations for SoNS entities include the need to:
If you’re wondering whether or not these regulations apply to your organisation, the list below outlines the industries that are subject to the requirements laid out in the SLACIP Act:
Additionally, some critical infrastructure entities must also adhere to SoNS if they are considered an asset of national significance. The two key factors used to determine this include the following assessment criteria:
If your organisation falls under the Critical Infrastructure definitions above, you must adopt and maintain a risk management program. This includes any cyber threats to the digital ecosystem of a critical infrastructure asset and insider threats within a Critical Infrastructure workforce. In addition to the obligations for critical infrastructure assets under the SLACIP Act, any organisation classified as SoNS must also comply with Enhanced Cyber Security Obligations (ECSO).
Any company that works with and supplies these Critical Infrastructure entities must also employ secure systems to exchange and collaborate on sensitive information.
While risk management and governance are critical to SLACIP and SoNS compliance, implementing the level of security required by the legislation can be challenging. It can be costly, time-consuming and difficult to achieve the compartmentalised access and strict sharing controls required for the management of sensitive and classified information, especially for SMEs.
Kojensi SaaS provides a turnkey solution. It offers a ready-to-deploy government-accredited PROTECTED document management and information sharing cloud service to support SLACIP and SoNS compliance requirements, as well as those for ISM, DISP and PSPF.
Kojensi’s industry-leading attribute-based access control (ABAC) model offers the level of granular access and sharing control needed for compliance. User and document attributes control the flow of information and facilitate secure sharing to validate access and sharing policies each and every time a file is accessed or shared internally or with industry partners. A full audit trail, version control, and tracking capabilities assist with meeting auditing requirements.
Critical Infrastructure organisations can consume the SaaS-based platform as needed, without the substantial costs of implementing new on-premises secured ICT infrastructure. Within minutes of deploying, users can set up a shared workspace and invite internal and external partners to share and collaborate on the information required to carry out projects, knowing that users will only have access to information they are authorised to.
Kojensi allows the Critical Infrastructure Responsible Entity to:
Kojensi ensures that Critical Infrastructure information can be securely shared and collaborated on with authorized internal users and third parties while preventing unauthorized access. Discover the advantages of the accredited Kojensi SaaS platform to quickly meet SLACIP, SoNS, and other government information security requirements.