Home Affairs minister Clare O’Neil has nearly doubled the number of businesses roped-into the “Systems of National Significance” schedule, lifting the number of organisations from 87 to 168 that are now subject to powerful cyber security regulations to better safeguard against attacks.
The fresh round of designations follows the expiry of a six-month grace period in mid-August that was given to critical infrastructure owners to allow them to get their act together to comply with the strict new cyber requirements before the cudgels come out.
Under the new obligations, designated organisations have to create response plans for cyber incidents, prep themselves through cyber security exercises, obtain assessments to identify and fix vulnerabilities and hand over system information to the Australian Signals Directorate (ASD) “to develop and maintain a near-real-time threat picture.”
The powers also, as a last resort, allow ASD to step in and take over emergency control of private systems when private owners have been compromised or controlled and cannot regain control.
“These declarations follow the government switching on the Critical Infrastructure Risk…
