Security of Critical Infrastructure Act 2018 (Cth) Reforms in Force

Written By

julie cheeseman Module
Julie Cheeseman

Partner
Australia

I am a partner in our Sydney office, where I specialise in media and technology disputes and advice.

emma croft Module
Emma Croft

Senior Associate
Australia

I am a senior associate in our Dispute Resolution Group in Sydney, specialising in media and technology disputes, commercial litigation and privacy and cybersecurity advisory work.

We recently published an article summarising the changes recently made to the Security of Critical Infrastructure Act 2018 (Cth) which were assented to on 2 December 2021 and will affect entities in the following sectors:

  • data storage or processing;
  • communications;
  • defence;
  • energy;
  • financial services and markets;
  • food and grocery;
  • health care and medical;
  • higher education and research;
  • space technology;
  • transport; and
  • water and sewerage.

Information from the Cyber and Infrastructure Security Centre (CISC) indicates that the Minister will shortly release draft rules to ‘switch on’ cyber reporting for most of the asset classes, to which a consultation period of at least 28 days will apply. All affected entities are expected to be advised of the consultation process by email.

The CISC has also indicated that a second bill will be introduced in early 2022 which will impose further obligations on entities responsible for or owning critical infrastructure assets in the classes:

  • broadcasting;
  • domain name systems;
  • data storage or processing;
  • critical hospitals;
  • freight infrastructure;
  • payment systems;
  • freight services;
  • liquid fuel;
  • energy market operator;
  • electricity
  • gas;
  • water and sewerage; and
  • defence.

Such obligations will include risk management programs, enhanced cyber security obligations and designate ‘Systems of National Significance’. An exposure draft of the second raft of reforms is set to be released in the next few weeks, with the period of consultation likely to run from mid December 2021 to the beginning of February 2022.

Contacts: Sophie Dawson, Julie Cheeseman, Joel Parsons, James Hoy, Jessica Laverty, Emma Croft

Latest insights

More Insights
cameras

What is an Emotion Recognition System under the EU’s Artificial Intelligence Act?: Part 1 - A machine that “understands” your Monday blues!

Nov 04 2024

Read More
Energy and Utilities 500x333

Unlocking Energy Storage: Revenue Streams and Regulations

Nov 04 2024

Read More
Orange notepad with pencil

The Draghi report: key takeaways and policy recommendations

Nov 04 2024

Read More