September 30, 2021
Parliament’s intelligence and security committee has recommended emergency powers be swiftly legislated to counter growing threats to critical infrastructure.
The committee, in a report tabled on Wednesday morning, calls for rapid amendments to critical infrastructure legislation to expand the range of sectors to be protected under the Act, and introduce new “last resort” government assistance measures to crisis scenarios.
The committee also calls for new mandatory incident reporting obligations for operators of critical infrastructure to be urgently put in place.
It recommends a second bill be passed, after consultation with industry, on enhanced cyber security obligations, and declarations of systems of national significance.
The report has bipartisan support, ensuring the recommended legislative changes will be supported in the parliament.
Parliamentary Joint Committee on Intelligence and Security chairman James Paterson said: “The Committee received compelling evidence that the complexity and frequency of cyber-attacks on critical infrastructure is increasing globally.
“Australia is not immune and there is clear recognition from government and industry that we need to do more to protect our nation against sophisticated cyber threats, particularly against our critical infrastructure.”
The committee’s recommendations follow its review of the government’s Critical Infrastructure Bill 2020, which was designed to protect 11 critical infrastructure sectors from worsening cyber threats.
Some industry leaders had sought a pause in the passage of the bill to allow further consultation on how it would be applied.
But Senator Paterson said the committee “does not believe that pausing the entire bill is in Australia’s national interests given the immediate cyber threats that our nation faces”.
“The Committee’s recommended solution allows for the urgent measures to pass now to equip the government with the emergency powers it needs while allowing additional time for co-design to overcome the concerns of industry about the regulatory impact,” he said.
“The passage of both bills is essential because cybersecurity is not just the government’s job. Industry has a role to play too and the second bill which imposes obligations on businesses is an important part of a comprehensive response to the serious challenges we face.”
