The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has commenced a review into the Security Legislation Amendment (Critical Infrastructure) Bill 2020. The bill review was referred to the Committee by the Hon Christian Porter MP, Attorney-General. As part of the referral, the Attorney-General suggested that the Committee also launch the review of the Security of Critical Infrastructure Act 2018 (the Act), required by section 60A of that Act, at the same time. The Committee has agreed to undertake both reviews simultaneously, as the Bill amends the Act to be reviewed.
The Bill is introduced to amend and build on the existing regulatory regime created by the Act, to enhance security and resilience of critical infrastructure assets and systems of national significance. Expansion of the concepts to include systems of national significance is intended to widen the regime to address threats such as natural disasters and cyber-attacks.
The Bill seeks to achieve this expansion by amending the Act to:
- identify critical infrastructure assets across 11 industry sectors (increased from the current 4 sectors);
- establish positive security obligations for critical infrastructure assets, including to adopt and maintain a critical infrastructure risk management program (to be delivered through sector-specific requirements) and mandatory cyber incident reporting;
- introduce enhanced cyber security obligations to ensure Government and industry can work collaboratively to strengthen the cyber preparedness and resilience of entities that operate assets of the highest criticality to Australia’s national interests (defined as systems of national significance); and
- provide Government with the necessary and proportionate powers to be exercised as a last resort in circumstances where a cyber security incident has, is, or is likely to impact a critical infrastructure asset and Australia’s national interest.
The statutory review of the Security of Critical Infrastructure Act 2018 will analyse the operation, effectiveness and implications of the reforms introduced in the Act.
As per section 60A of the Act, the review will review will:
- consider whether it would be appropriate to have a unified scheme that covers all infrastructure assets (including telecommunication assets) that are critical to:
- the social or economic stability of Australia or its people; or
- the defence of Australia; or
- national security; and
- review the circumstances in which any declarations have been made under Part 6 of this Act (declarations of assets by the Minister); and
- report the Committee’s comments and recommendations to each House of the Parliament.
More information regarding the two reviews and their referral can be found at the review website.
The Committee requests submissions to both reviews by Friday 12 February 2021. Submitters may wish to address both reviews in the one submission if the separation between the two scopes and interrelated elements are clearly identified in the submission.
Prospective submitters are advised that any submission to the Committee’s inquiry must be prepared solely for the inquiry and should not be published prior to being accepted by the Committee