Australian Government launch consultation on protection of critical infrastructures
The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure.
The Government’s commitment to the continued prosperity of its economy and businesses is unwavering. The impacts of recent events only reinforce the need for collaboration between and across critical infrastructure sectors and Government to protect our economy, security and sovereignty.
At the same time, Government recognises the additional economic challenges facing many sectors and entities in the wake of the COVID-19 pandemic. The outcome it seek is clear - they want to work in partnership to develop proportionate requirements that strike a balance between uplifting security, and ensuring businesses remain viable and services remain sustainable, accessible and affordable. An uplift in security and resilience across critical infrastructure sectors will mean that all businesses will benefit from strengthened protections to the networks, systems and services we all depend on.
An enhanced critical infrastructure framework
The primary objective of the proposed enhanced framework is to protect Australia’s critical infrastructure from all hazards, including the dynamic and potentially catastrophic cascading threats enabled by cyber attacks.
The enhanced framework outlines a need for an uplift in security and resilience in all critical infrastructure sectors, combined with better identification and sharing of threats in order to make Australia’s critical infrastructure – whether industry or government owned and operated – more resilient and secure. This approach will prioritise acting ahead of an incident wherever possible.
Government has agreed that the proposed enhanced framework will apply to an expanded set of critical infrastructure sectors, comprising of three key elements:
- Positive Security Obligation, including:
a. set and enforced baseline protections against all hazards for critical infrastructure and systems, implemented through sector-specific standards proportionate to risk.
- Enhanced cyber security obligations that establish:
a. the ability for Government to request information to contribute to a near real-time national threat picture;
b. owner and operator participation in preparatory activities with Government; and
c. the co-development of a scenario based ‘playbook’ that sets out response arrangements.
- Government assistance for entities that are the target or victim of a cyber attack, through the establishment of a Government capability and authorities to disrupt and respond to threats in an emergency.
These three initiatives will be underpinned by an enhanced Government-industry partnership across all hazards.
The Government intends to consult with stakeholders during and after receiving submissions. This will also allow us to assess the impact of proposed reforms and refine the development of the enhanced framework.
Further details can be viewed at https://www.homeaffairs.gov.au/reports-and-pubs/files/protecting-critical-infrastructure-systems-consultation-paper.pdf