Critical Infrastructure Protection - legislative update

09 December 2022

Jehan Mata
Partner
Sparke Helmore Lawyers

Jehan Mata
Partner
Sparke Helmore Lawyers
t: +61 3 9291 2374

Jehan is an experienced insurance litigator with a strong background in professional indemnity, professional negligence, casualty line and health law claims. She is passionate about health law, medical and professional ethics, legislative and contractual interpretation and works with insurers and corporations on a wide range of general liability claims. Jehan also provides coverage advice to insurers and pursues recovery actions for first party property losses. She is known for her clear and succinct advice, strong negotiation skills and highly strategic and proactive approach to dispute resolution.

In our previous articles of March and July, we discussed the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) coming into force, amending the Security of Critical Infrastructure Act 2018 (SOCI Act), and introducing the following key measures:

a new requirement for responsible entities to create and maintain a critical infrastructure risk management program, and
a new framework for enhanced cyber security obligations required for operators of systems of national significance

Since then, consultations have continued between the Government and industry partners to ensure the above measures are not a regulatory burden on the industry. Consequently, the Minister of Home Affairs undertook consultations on the proposed risk management program between 5 October 2022 and 18 November 2022.

The risk management program rules can be found within the Security of Critical Infrastructure (Critical Infrastructure risk management program) Rules (LIN 22/018) 2022. Essentially, the program focuses on four key hazard areas: cyber and information security, personnel hazards, supply chain, physical security hazards and natural hazards.

The Minister of Home Affairs has proposed to apply the program requirements to the following critical asset classes:

Communications
Data storage or processing
Financial services and markets
The water and sewerage
Energy
Healthcare and medical
Higher education and research
Food and grocery
Transport
Space technology
Defence industry

Read more about our cyber and privacy capabilities on our website.

29-04-2024 | What is the right to disconnect and how will it impact you?

20-03-2024 | Modernising the WorkCover Scheme – what this means for third party insurers?

08-02-2024 | Timeframes to be imposed for making initial and reviewable decisions under the SRC Act from 1 April 2024

23-01-2024 | Western Australia announces landmark reforms to building laws

22-01-2024 | Closing Loopholes Part 1 - Commonwealth Wage Theft Laws

20-12-2023 | In the Loop - Same Job, Same Pay measures

Media room