The Federal Government has released an exposure draft of the Security of Critical Infrastructure Bill 2017 (Bill) which aims to decrease the national security risks to critical infrastructure posed by cyber attacks. The Bill seeks to minimise threats of espionage, sabotage and coercion facilitated by foreign involvement in Australia's critical infrastructure.
If enacted, the Bill would apply to owners and operators of 'critical infrastructure assets' which would include critical ports, electricity and water assets or other prescribed assets. The Bill proposes to:
- establish a public register of information relating to critical infrastructure (public register)
- impose ongoing obligations on asset owners and operators to provide critical infrastructure information to the public register
- impose ongoing obligations on asset owners and operators to take proactive measures to secure those assets by implementing cybersecurity protections
- increase the level of regulatory oversight for ownership and control of critical infrastructure assets, including access to these assets via outsourcing and offshoring arrangements
- give the Minister powers to declare assets as critical infrastructure assets and to direct owners and operators to do or refrain from doing particular acts – including a power of 'Last Resort' to direct asset owners and operators to take action to mitigate significant national security risks
A copy of the draft legislation is available here.