The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has backed the passage of urgent reforms as part of a proposed two-step approach to protect Australia’s critical infrastructure from cyber threats.
In its Advisory report on the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and Statutory Review of the Security of Critical Infrastructure Act 2018 tabled today, the Committee has recommended that emergency powers be swiftly legislated in a standalone bill, with a second, separate bill to be introduced following further consultation.
This recommended two-step approach will enable the quick passage of laws to counter looming threats against Australia’s critical infrastructure, while giving businesses and government additional time to co-design the most effective regulatory framework to ensure long-term security of our critical infrastructure.
The PJCIS has made 14 recommendations in relation to the Bill, including proposing a split in the current proposed framework into two amended Bills:
- Bill One for rapid passage – to expand the critical infrastructure sectors covered by the Act, introduce government assistance measures to be used as a last resort in crisis scenarios as well as mandatory reporting obligations; and
- Bill Two for further consultation – including declarations of systems of national significance, enhanced cyber-security obligations and positive security obligations which are to be defined in delegated legislation
Chair of the Committee, Senator James Paterson, said: “The Committee received compelling evidence that the complexity and frequency of cyber-attacks on critical infrastructure is increasing globally. Australia is not immune and there is clear recognition from government and industry that we need to do more to protect our nation against sophisticated cyber threats, particularly against our critical infrastructure.
“However, as the regulatory framework is still undergoing co-design with each of the eleven sectors and will not be finalised until after passage of the bill, many businesses have expressed concern about this uncertainty and asked for the entire bill to be paused in the current economic climate.
“While sympathetic to the concerns of industry leaders, the Committee does not believe that pausing the entire bill is in Australia’s national interests given the immediate cyber threats that our nation faces.
“The Committee’s recommended solution allows for the urgent measures to pass now to equip the government with the emergency powers it needs while allowing additional time for co-design to overcome the concerns of industry about the regulatory impact.
“The passage of both bills is essential because cyber-security is not just the government’s job. Industry has a role to play too and the second bill which imposes obligations on businesses is an important part of a comprehensive response to the serious challenges we face,” Senator Paterson said.