The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure.

Increasingly interconnected and interdependent critical infrastructure is delivering efficiencies and economic benefits to operations. However, connectivity without proper safeguards creates vulnerabilities that can deliberately or inadvertently cause disruption resulting in cascading consequences across national economies, affecting their security​ and sovereignty.

The Australian Department of Home Affairs proposed national security laws in a consultation paper aimed at industry, academia and state and territory governments. The consultation period is expected to run until September 16.

The proposed laws will grant federal government agencies the power to “take direct action” against cyber-attacks and obtain information from critical infrastructure entities if it is deemed to be in the national interest.

New definition of critical infrastructure

The Australian’s Government Security of Critical Infrastructure Act 2018 defines as critical infrastructure those entities or facilities “which if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation, or affect Australia’s ability to conduct national defense and ensure national security.”

Within that broad definition of critical infrastructure, the Act currently places regulatory obligations on specific entities in the electricity, gas, water and maritime ports sectors. However, entities across all critical infrastructure sectors are facing increasing threats and may require enhanced protections.

The reforms outlined in the paper would include a number of additional sectors to the definition of critical infrastructure: banking, finance, communications, data, the Cloud, defense industry, education, research, innovation, energy, food, grocery, health, space, transport and water.

Objective of the proposed framework

The primary objective of the proposed framework is to protect Australia’s critical infrastructure from all hazards and impacts of catastrophic cyber-attacks. The enhanced framework (Read more...)