Australian Cyber Security co-ordination and Critical Infrastructure Risk Management

The Government has announced it will establish a Coordinator for Cyber Security, supported by a National Office for Cyber Security within the Department of Home Affairs, to ensure a centrally coordinated approach to deliver Government’s cyber security responsibilities.

The Cyber Security Strategy Expert Advisory Board has released a discussion paper seeking feedback on the development of the 2023-2030 Australian Cyber Security Strategy.

The paper discusses reform of the Security of Critical Infrastructure Act to include adding customer data and “systems” in the definition of critical assets.

It also asks whether during a cyber incident, would an explicit obligation of confidentiality upon the Australian Signals Directorate (ASD) and Australian Cyber Security Centre (ACSC) improve engagement with organisations that experience a cyber incident so as to allow information to be shared between the organisation and ASD/ACSC without the concern that this will be shared with regulators?

Critical Infrastructure Risk Management Program requirement

Amendments to the Security of Critical Infrastructure Act 2018 (Cth) have introduced a new requirement for responsible entities for critical infrastructure assets to have a plan in place to assist them in managing ‘material risks’ of ‘hazards’ which could have a ‘relevant impact’ on their critical infrastructure asset.

Background.

The Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023 (CIRMP Rules) specify that responsible entities for the following critical infrastructure assets are required to have in place, maintain and comply with a written critical infrastructure risk management program (CIRMP):

  • Broadcasting
  • Domain Name Systems
  • Data Storage or processing
  • Electricity
  • Energy Market Operator
  • Gas
  • Liquid Fuels
  • Payment Systems
  • Food and Grocery
  • Designated Hospitals (listed in Schedule 1 of the CIRMP Rules)
  • Critical Freight Infrastructure
  • Critical Freight Services
  • Water.

More information

The rules commenced on 17 February 2023 with a 6 month transition.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.