With the Australian Government on the cusp of finalising the Security Legislation Amendment (Critical Infrastructure Bill) 2020, company directors and senior leaders across many organisations need to reconsider their personal level of accountability and how they will manage a significant cybersecurity event that might impact critical infrastructure.
The new Bill, if passed as expected, will have broad impact and give the Federal Government unprecedented powers to intervene in the security response of private organisations.
The very definition of critical infrastructure, is being questioned with the legislation capturing a broad swathe of different organisations. Traditional utilities such as power, water, gas and telecommunications are obvious candidates for inclusion in the legislation, there are many others such as medical, food supply, transport and traffic management, finance and banking, retail and higher education are now impacted by the proposed new laws.
The Government defines critical infrastructure as “those physical facilities, supply chains, information technologies and communication networks…