Last year, the Security Legislation Amendment (Critical Infrastructure) Act 2021 (Cth) (Amendment Act) introduced amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SoCI Act) which extended the definition of critical infrastructure from 4 sectors (water, electricity, gas and ports) to 11 sectors being:
Critical Infrastructure Sectors
Together, these sectors cover 22 different ‘asset’ classes. An ‘asset’ broadly includes a system, network, facility, computer, computer device, computer program, data, premises and any other thing. Affected entities operating in critical infrastructure sectors are now required to upgrade their cybersecurity practices to comply with new mandatory cyber incident reporting obligations. Responsible entities and direct interest holders of critical infrastructure assets are also required to maintain a register of critical infrastructure assets containing specified information about the asset. These obligations will be ‘switched on’ by rules (which will soon follow).
It will be interesting to see how these laws will evolve in this ditigal age, particularly in relation to new and emerging markets (such as in space…
