Increasing Critical Infrastructure Security In An Uncertain World
What you need to know about the Security Legislation Amendment (Critical Infrastructure) Bill 2020.
Share This Article:
At Anchoram, we know all Australians rely on critical infrastructure to deliver essential services that are crucial to economic prosperity and the Australian way of life.
What is the bill about?
As a result of an ever-changing and increasingly uncertain world, the Australian Government has proposed the Security Legislation Amendment (Critical Infrastructure) Bill 2020.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 is a bold move by the Australian Government to broaden the scope of what is considered critical infrastructure in the country and to enhance security in an increasingly hostile threat environment.
Crucially, the Bill seeks to “enhance the existing framework for managing risks relating to critical infrastructure by introducing additional positive security obligations for critical infrastructure assets”.
It will also introduce government assistance to relevant entities for critical infrastructure sector assets in response to significant cyber attacks.
Critical infrastructure is increasingly interconnected and interdependent. Connectivity without proper safeguards creates significant vulnerabilities.
Hazards ranging from natural threats (including meteorological or climate hazards) to human-induced threats, all have the potential to significantly disrupt critical infrastructure.
Who is impacted?
Put simply, If you’re an organisation operating in one of 11 newly defined critical infrastructure sectors you will be required to comply with the requirements of the Bill or face legal and financial penalties.
The Security of Critical Infrastructure Act 2018 currently covers specific entities in the electricity, gas, water and ports sectors.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 seeks to expand the scope of the Act to include critical infrastructure entities in a wider range of sectors including:
- communications
- financial services and markets
- data storage or processing
- defence industry
- higher education and research
- energy
- food and grocery
- health care and medical
- space technology
- transport, and
- water and sewerage.
Why is it a big deal?
Anchoram Consulting’s Partner for Critical Infrastructure Security, Jordan Plotnek, says the Security Legislation Amendment (Critical Infrastructure) Bill 2020 couldn’t have come at a more appropriate time.
“This Bill is big news. The last thing you want is to be caught unprepared under the spotlight,” he says.
“The COVID-19 pandemic has served us all a stark and potent reminder of what is ‘critical’, and it has been made very clear that we are unprepared. The conventional definition of critical infrastructure is simply not inclusive enough.
“When the world came to a stop, yes we relied heavily on electricity and water, but we also most memorably relied on our supermarkets and communications infrastructure to get us through – toilet paper has never seemed so important as it did in 2020!
“This Bill recognises society is now more complex than ever and (the Bill) takes a giant step towards mending that.”
What do you need to know?
“This Bill makes great strides towards improving Australia’s resilience and introduces a number of industry-tailored and asset-specific security obligations,” Jordan says.
These obligations range from maintaining a risk and asset register of critical assets through to more complex obligations such as running cyber security exercises, all of which are applied on a case-by-case basis.
The Australian Government will also offer last-resort assistance during cyber security incidents on essential assets, if an intervention is deemed necessary.
This represents a tangible commitment by the Government to ensure Australian society continues to flourish in the face of uncertainty and in spite of targeted cyber attacks.
Organisations will be individually assessed by the Department of Home Affairs to determine asset criticality, and hence which security obligations are deemed necessary.
Legal and financial penalties apply for those which do not comply with the requirements of the Bill.
“Of course it is better to take a pro-active approach to not only meet your future obligations, but to protect yourself from becoming a case study for why this program is needed in the first place,” Jordan says.
How can we help?
Critical infrastructure security is one of Anchoram’s founding capabilities, with a number of our Partners having hands-on experience. We are uniquely positioned thanks to this collective experience and would love to help you navigate these changes in whichever way we can.
Anchoram has worked across all areas of both the traditional infrastructure class and the newer assets that have now joined the club, and we are proud to have long-term critical infrastructure clients who already depend on our expertise.
We understand these changes can be daunting, especially for those organisations who are not used to having Government involvement in their security program.
We offer an array of operations-focused critical infrastructure security services, covering the spectrum of both OT and IT, including: risk assessment, threat modelling, resilience assessment, health checks, regulatory audit, and expert advice.
Contact us to have a no-strings-attached discussion with one of our specialists about what your needs are in the face of these changes, and how we can help defend your critical infrastructure.
What you need to know about the Security Legislation Amendment (Critical Infrastructure) Bill 2020.
Share This Article:
Categories
Subscribe
Subscribe to our newsletter and get the latest news and information from Anchoram.