The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (Cth) (SLACIP Act) came into effect on 2 April 2022 to amend the Security of Critical infrastructure Act 2018 (Cth).
The SLACIP Act is focused on strengthening security measures in Australia, particularly in terms of technological and data safety in critical infrastructure assets. Critical infrastructure refers to the industries of:
- electricity, gas, water, and maritime port sectors
- communications
- financial services
- data storage and processing
- higher education and research
- defence
- energy
- food
- health care
- space technology
- transport, and
- water and sewage.
The SLACIP Act now makes it a requirement that an organisation operating in a critical infrastructure industry must maintain a critical infrastructure risk management program and enhance its cybersecurity standards when handling critical infrastructure assets. Despite intentions of security, this Act places an increased financial burden on critical infrastructure organisations in complying with the legislation. Unfortunately for these organisations, the SLACIP Act is only likely the tip of the iceberg as Australia moves to further tighten its cybersecurity laws in light of international affairs.
Organisations may soon be required to increase their cybersecurity measures following proposed laws in both the United States and Europe.