The Australian government has released an exposure draft of new security legislation for critical infrastructure. The Security Legislation Amendment (Critical Infrastructure) Bill 2020 is expected to be passed by early 2021.
The new legislation implements the first stage of Australia’s 2020 Cyber Strategy and imposes mandatory obligations on critical infrastructure operators.
Australia defines critical infrastructure as the following sectors: communications, data storage or processing, financial services and markets, water and sewerage, energy, healthcare and medical, higher education and research, food and grocery, transportation, space technology, and the defense industry.
Under the terms of the draft legislation, critical infrastructure operators must adopt and maintain a risk management program to include the threat from cyber attacks. Vulnerability assessments and security exercises will also be required.
Government assistance will be provided to industry in response to immediate and serious cyber attacks on Australian systems.
Minister for Home Affairs Peter Dutton said the increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to the Australian economy, security and sovereignty, and that industry will be important to the success of the reforms.
“We will continue to work closely with industry and other stakeholders to implement our plan to secure essential services – electricity, water, groceries and so on – without imposing an unnecessary regulatory burden.”
The Australian government is seeking views on the draft legislation. Submissions can be made online via the Department of Home Affairs website. The closing date for submissions is November 27 2020.