Thursday, 31 March 2022
Media release

Securing Australia’s critical infrastructure

Australia’s critical infrastructure – everything from electricity and water, to healthcare and groceries – will be better protected against cyber attacks and other serious security threats after new legislation passed the Parliament today.

Minister for Home Affairs Karen Andrews said the Security Legislative Amendment (Critical Infrastructure Protection) Bill will boost the security and resilience of Australia’s critical infrastructure to safeguard the essential services all Australians rely on from physical, supply chain, cyber and personnel threats.

“These reforms are a key action item under Australia’s Cyber Security Strategy 2020 and are part of the Morrison Government’s work to strengthen our management and response to security risks across critical infrastructure sectors,” Minister Andrews said.

“The Bill builds on the Morrison Government’s strong support for our national security agencies announced in Tuesday’s Federal Budget, to make Australia stronger and keep Australians safe in an increasingly uncertain world.

“We’re investing $9.9 billion to boost cyber and intelligence capability, and an extra $280 million to boost law enforcement capability.

“Throughout the pandemic, Australia’s critical infrastructure sectors have been regularly targeted by malicious cyber actors seeking to exploit victims for profit, with total disregard for the community and the essential services we all rely on.

“Following Russia’s aggression against Ukraine, it is a sad reality that there is a heightened cyber threat environment globally, and the risk of cyberattacks has increased on Australian networks, either directly or inadvertently.

“This legislation completes a reform package that gives all Australians assurance that our essential services are resilient and protected.”

The reforms passed today include:

  • Risk Management Program requiring critical infrastructure owners and operators to manage the risk of hazards that affect the delivery of essential services; designed with industry and building on existing regulatory frameworks, where possible.
  • The ability to declare Systems of National Significance – the most interconnected and interdependent of our critical infrastructure assets.
  • Enhanced Cyber Security Obligations for owners and operators of assets most critical to the nation (the systems of national significance) – centred around a strengthened relationship with government.
  • Improved information sharing provisions to make it easier for regulated entities and governments to share information as needed to comply with their obligations.

The Bill follows extensive public consultation, ongoing engagement with critical infrastructure providers and examination by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

This follows the introduction of important amendments by the Morrison Government last year and the passage of these amendments in November 2021.

These reforms build on the Coalition Government’s actions to spearhead several significant cybersecurity improvements – directly benefiting all Australians – including by: