Tech Associations Call on Australian Lawmakers to Revise Critical Infrastructure Bill


Organizations from across the globe representing a cross-section of the technology industry urged the Australian Government not to fast-track concerning provisions of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 that would allow the government to take control of critical infrastructure assets and require security incidents to be notified within a 12-hour period. If implemented, these authorities would negatively affect national security, business, and trade.

In a letter to Australian Parliament Home Affairs Minister Karen Andrews, the Information Technology Industry Council (ITI), Cyber Coalition, and the Australian Information Industry Association (AIIA) wrote:

“Our members share the Australian Government’s commitment to protecting Australians and Australia’s critical infrastructure against cyber threats [….] However, these two provisions would not accomplish that goal, would have significant unintended consequences that would decrease security in practice, and would set dangerous global precedents.”

The associations strongly recommended that, should the lawmakers move forward with the government assistance provision, they ensure that such assistance powers are subject to a statutorily-prescribed mechanism for judicial review and oversight. Without such a process in place it could undermine the values that Australia promotes internationally and set an undesirable precedent for other governments facing similar national security challenges. The associations also recommended that the mandatory cyber incident reporting timeline be extended from “within 12 hours” to “at least 72 hours” or “without undue delay to help ensure companies can devote limited resources to focusing on truly critical incidents and provide useful, appropriately contextualized information to the government.”