|Australia Passes Critical Infrastructure Security Legislation
(March 29, 2018)
The Australian government has passed the Security of Critical Infrastructure Bill, which gives ministers the authority to direct companies that operate the country’s gas, water, electricity, ports, and other critical infrastructure sectors to take steps to protect their systems from cyber threats. The bill “is designed to strengthen the Government’s capacity to manage the national security risks of espionage, sabotage and coercion arising from foreign involvement in Australia’s critical infrastructure.”
The bill seems to create an “Asset Register” of all Critical Infrastructure systems and who operates them, and empower the Minister or Secretary to both demand information and issue directives if a national threat is declared. In 2017, Australia established a Critical Infrastructure Centre, mainly to deal with non-Australian companies looking to buy or make majority share investments in large Australian companies. As part of that, Australia (like the US) came out with a very broad definition of Critical Infrastructure. It is hard for me to imagine government directives across such a broad swath of the economy could ever be timely enough to improve cybersecurity. More reporting, yes.
Read more in:
– www.zdnet.com: Government passes critical infrastructure national security Bill
– parlinfo.aph.gov.au: Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2017: Revised Explanatory Memorandum (PDF)
– parlinfo.aph.gov.au: Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2018 (PDF)