The Security Legislation Amendment (Critical Infrastructure) Bill 2020 (Cth) (Bill) aims to protect Australia’s critical infrastructure from cyber security threats and other hazards, building on the pre-existing framework established in the Security of Critical Infrastructure Act 2018 (SOCI Act). The Bill is currently being reviewed, with recent public hearings on 8 and 9 July 2021 highlighting some industries’ concerns.
Significantly, if passed, the Bill would allow the federal government to impose obligations on, and interfere with, private and public enterprise. In this article, we focus on the proposed cyber security obligations and corresponding Government powers, but notably the Bill has much broader application.
Purpose of the Bill
The Bill responds to evolving human and natural threats to critical infrastructure in a ‘post COVID-19 world’ and aims to minimise disruption and ‘cascading consequences across our economy, security and sovereignty’.1
While Australia has so far avoided any catastrophic cyber attacks, the Bill is said to be part of the federal government’s response in light of recent cyber incidents including:
- repeated cyber attacks on the Federal Parliamentary Network and several Australian universities;
- the targeting of supply chain businesses transporting food and medical supplies;
- ongoing attacks on the health sector and medical research facilities, which are already under increased pressure due to COVID-19. The Office of the Australian Information Commissioner has reported the health sector has experienced a larger number of data breaches than any other sector over the last two years2; and
- the disruption caused by COVID-19, in particular to the health sector.
The Bill has three main elements:
- additional obligations for critical infrastructure assets;
- enhanced cyber-security obligations; and
- government assistance for cyber attack response.
We discuss each of these in our article.
1 Explanatory memorandum of the Bill.
2 For more information on the prevalence, causes and consequences of cyber attacks in each sector see Carter Newell Cyber Risk Newsletter authored by Katherine Hayes, Greg Stirling and Hayley Nankivell, ‘Human error still causing data breaches’ (2021) <https://www.carternewell.com/page/Publications/2021/human-error-still-causing-data-breaches/>.