Critical Infrastructure Protection - legislative update09 December 2022
In our previous articles of March and July, we discussed the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) coming into force, amending the Security of Critical Infrastructure Act 2018 (SOCI Act), and introducing the following key measures:
- a new requirement for responsible entities to create and maintain a critical infrastructure risk management program, and
- a new framework for enhanced cyber security obligations required for operators of systems of national significance
Since then, consultations have continued between the Government and industry partners to ensure the above measures are not a regulatory burden on the industry. Consequently, the Minister of Home Affairs undertook consultations on the proposed risk management program between 5 October 2022 and 18 November 2022.
The risk management program rules can be found within the Security of Critical Infrastructure (Critical Infrastructure risk management program) Rules (LIN 22/018) 2022. Essentially, the program focuses on four key hazard areas: cyber and information security, personnel hazards, supply chain, physical security hazards and natural hazards.
The Minister of Home Affairs has proposed to apply the program requirements to the following critical asset classes:
- Data storage or processing
- Financial services and markets
- The water and sewerage
- Healthcare and medical
- Higher education and research
- Food and grocery
- Space technology
- Defence industry
Read more about our cyber and privacy capabilities on our website.