The Australian government is set to enhance its critical infrastructure protection through the Security of Critical Infrastructure and Other Legislation Amendment Bill 2024 (Cth) (Bill). This comprehensive reform package introduces significant changes to strengthen cybersecurity measures and expand regulatory oversight.
A key feature of the Bill is the broadened definition of critical infrastructure assets to include data storage systems containing business-critical data. This expansion will bring more organisations under regulatory supervision, requiring them to implement robust risk management procedures for their data storage systems.
The legislation also empowers the government with enhanced intervention capabilities during serious incidents affecting critical infrastructure. While this power is designed as a “last resort” measure, it allows authorities to coordinate responses to all types of hazards, not just cyber security incidents, when no other effective framework exists.
The Bill introduces important changes for telecommunications providers by aligning security obligations from the Telecommunications Act with the Security of Critical Infrastructure Act, creating a more unified regulatory framework. This includes mandatory asset protection measures and requirements to notify authorities of security risks from network changes.
Another significant amendment is the new definition of “protected information,” which now includes a harms-based assessment approach. Information will be classified as protected if its disclosure could potentially harm asset security, commercial interests, or Australia’s socioeconomic stability and national security.
The reforms also grant the Department of Home Affairs and Commonwealth regulators the power to direct entities to address serious deficiencies in their critical infrastructure risk management plans. This ‘review and remedy’ power ensures better security outcomes by allowing regulators to compel organisations to fix vulnerabilities that pose material risks to national security.
These changes reflect Australia’s commitment to strengthening its critical infrastructure resilience against evolving threats while streamlining regulatory compliance for affected organisations.
For a full reading of the Bill, see here.
