Changes to the Security of Critical Infrastructure Act 2018 are planned that are of importance to asset management with provision being made to:
- provide that specified critical infrastructure assets must adopt and maintain a critical infrastructure risk management program;
- provide for annual reporting obligations for assets that are exempt from the risk management program obligation;
- make minor amendments in relation to consultation requirements and immunities;
- provide for additional cyber security obligations that may be applied in relation to systems of national significance;
- provide that directions facilitating government assistance to industry in the event of a serious cyber security incident prevail over the requirements of a risk management program;
- amend provisions that authorise the use and disclosure of protected information;
- provide that the minister’s power to privately declare an asset as a critical infrastructure asset includes a power to require compliance with a risk management program;
- enable the minister to declare a critical infrastructure asset to be a system of national of significance; and
- include additional reporting requirements;
- and AusCheck Act 2007 to make consequential amendments.
- also makes a technical amendment to the Criminal Code Act 1995.
Access the Critical Infrastructure Protection Bill here.
There will be a presentation on how to prepare for the Critical Infrastructure Protection Bill at AMPEAK22 so don’t miss the presentation scheduled for Session 8C on Wednesday 6th April commencing at 12noon!