The parliamentary joint committee on intelligence and security (PJCIS) has backed the passage of urgent reforms as part of a proposed two-step approach to protect Australia’s critical infrastructure from cyber threats.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Following its advisory report on the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and Statutory Review of the Security of Critical Infrastructure Act 2018 tabled on Wednesday, PJCIS is pushing for emergency powers be swiftly legislated in a standalone bill, with a second, separate bill to be introduced following further consultation.
The committee received compelling evidence that the complexity and frequency of cyber attacks on critical infrastructure is increasing globally, according to senator James Paterson, chair of the PJCIS committee.
"Australia is not immune and there is clear recognition from government and industry that we need to do more to protect our nation against sophisticated cyber threats, particularly against our critical infrastructure," Senator Paterson said.
“However, as the regulatory framework is still undergoing co-design with each of the 11 sectors and will not be finalised until after passage of the bill, many businesses have expressed concern about this uncertainty and asked for the entire bill to be paused in the current economic climate."
The recommended two-step approach will enable the quick passage of laws to counter looming threats against Australia’s critical infrastructure, while giving businesses and government additional time to co-design the most effective regulatory framework to ensure long-term security of our critical infrastructure.
The PJCIS has made 14 recommendations in relation to the bill, including proposing a split in the current proposed framework into two amended bills:
- Bill one for rapid passage – to expand the critical infrastructure sectors covered by the act, introduce government assistance measures to be used as a last resort in crisis scenarios as well as mandatory reporting obligations; and
- Bill two for further consultation – including declarations of systems of national significance, enhanced cyber security obligations and positive security obligations, which are to be defined in delegated legislation.
The passage of both bills is essential because cyber-security is not just the government’s job, Senator Paterson added.
"Industry has a role to play too and the second bill which imposes obligations on businesses is an important part of a comprehensive response to the serious challenges we face," Senator Paterson said.
“The Committee’s recommended solution allows for the urgent measures to pass now to equip the government with the emergency powers it needs while allowing additional time for co-design to overcome the concerns of industry about the regulatory impact.
“While sympathetic to the concerns of industry leaders, the committee does not believe that pausing the entire bill is in Australia’s national interests given the immediate cyber threats that our nation faces."
[Related: Defence bolsters national security research funding]