We recently published an article summarising the changes recently made to the Security of Critical Infrastructure Act 2018 (Cth) which were assented to on 2 December 2021 and will affect entities in the following sectors:
Information from the Cyber and Infrastructure Security Centre (CISC) indicates that the Minister will shortly release draft rules to ‘switch on’ cyber reporting for most of the asset classes, to which a consultation period of at least 28 days will apply. All affected entities are expected to be advised of the consultation process by email.
The CISC has also indicated that a second bill will be introduced in early 2022 which will impose further obligations on entities responsible for or owning critical infrastructure assets in the classes:
Such obligations will include risk management programs, enhanced cyber security obligations and designate ‘Systems of National Significance’. An exposure draft of the second raft of reforms is set to be released in the next few weeks, with the period of consultation likely to run from mid December 2021 to the beginning of February 2022.
Contacts: Sophie Dawson, Julie Cheeseman, Joel Parsons, James Hoy, Jessica Laverty, Emma Croft