The Security Legislation Amendment (Critical Infrastructure Bill) 2020 is currently working its way through parliament and has the potential to dramatically change the scope of the security expectations for a wide range of organisations.
The goal of the amendments, according to the Government’s explanatory document (pdf), is to protect “the essential services all Australians rely on by uplifting the security and resilience of our critical infrastructure.”
These threats, the document states, range from “natural hazards (including weather events) to human induced threats (including interference, cyber attacks, espionage, chemical or oil spills, and trusted insiders).”
The amendments include a widening of the kinds of infrastructure seen as ‘critical’, regulations around reporting times for breaches, and mandates for Governmental involvement in responses.
This is the first of several articles that will outline the parts of the bill that are most relevant to the IT channel, with commentary from experts from cybersecurity consultancy The Secure Board and ASX-listed cybersecurity provider Tesserent.
This piece will cover the expert’s reaction to the bill as a whole and the types of organisations would be included were the bill to pass in its current form.
General impressions
Tesserent chief information officer Michael McKinnon said the bill “is fairly in line with what we see in other areas of regulation around cybersecurity and related areas.
“[The] Australian government is acknowledging that cyber warfare is an unfolding growth area that needs to be addressed, and the only way to address that is to seek participation from critical infrastructure operators, so that if Australia is ‘under attack’, then we're able to respond as a country in a coordinated and effective way, and the g ..
Support the originator by clicking the read the rest link below.
