Govt releases critical infrastructure exposure draft
The federal government has released the exposure draft of new legislation, aimed at protecting critical infrastructure from cyber attacks, to public consultation.
As part of the proposed legislation, critical infrastructure providers would be subject to a positive security obligation, backed with sector-specific requirements.
This will include providers of infrastructure including electricity, water, telecommunications, health care and logistics.
The draft legislation would also include enhanced cybersecurity obligations for systems of national significance, centred around a strengthened relationship with government.
It would also provide avenues for governments to offer assistance to industry in response to immediate and serious cyber attacks to Australian systems.
As part of the new framework the government would keep a private register of information in relation to critical infrastructure assets, requiring the responsible entity for these assets to comply with a critical infrastructure risk management program.
Obligations would include notification of cybersecurity incidents, as well as on disclosing information in relation to the asset when necessary.
The legislation would grant the Minister for Home Affairs the ability to require these entities to make changes or refrain from doing things that may compromise the security of critical infrastructure assets. Ministers will also be granted powers to declare assets to be critical infrastructure assets at their discretion.
Violations of the provisions could result in civil penalty orders, injunctions or infringement notices.
“The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our economy, security and sovereignty and industry will be important to the success of these reforms,” Minister for Home Affairs Peter Dutton said.
“We will continue to work closely with industry and other stakeholders to implement our plan to secure essential services — electricity, water, groceries and so on — without imposing an unnecessary regulatory burden.”
SolarWinds believes it has uncovered the highly sophisticated methods used to inject malicious...
Microsoft says the state attackers behind the SolarWinds Orion compromise viewed some of its...
US law enforcement and intelligence agencies are investigating an attack on government and...