The Security of Critical Infrastructure Act 2018 currently covers specific entities in the electricity, gas, water and ports sectors. The Security Legislation Amendment (Critical Infrastructure) Bill 2020 seeks to expand the scope of the Act to include critical infrastructure entities in a wider range of sectors including: communications; financial services and markets; data storage or processing; defence industry; higher education and research; energy; food and grocery; health care and medical; space technology; transport; and water and sewerage.

The Department of Home Affairs will work in partnership with critical infrastructure operators to develop requirements that strike a balance between uplifting security and ensuring businesses remain viable and their services remain sustainable, accessible and affordable. An uplift in security and resilience across critical infrastructure sectors will mean that all businesses benefit from strengthened protections to the networks, systems and services they rely on.

Underpinned by an enhanced partnership with industry, predominantly through a reinvigorated Trusted Information Sharing Network, the reforms will introduce:

• Positive Security Obligation, including the provision of information for the Critical Infrastructure Asset Register, Risk Management Plans and cyber incident reporting, which can only be activated for a sector following consultation with affected entities;
• Enhanced Cyber Security Obligations for the most critical entities (systems of national significance); and
• Government Assistance to respond to cyber attacks on critical infrastructure in a cyber emergency.

To ensure the successful implementation of the reforms, the Department of Home Affairs will undertake a staged, sector-by-sector approach to co-designing relevant requirements to reduce regulatory burden and minimise duplication with existing regulatory frameworks.