Minister for Home Affairs Peter Dutton introduced the Security Legislation Amendment (Critical Infrastructure) Bill 2020 into Parliament on Thursday, labelling it as a significant step in the protection of critical infrastructure and essential services that Australians rely upon.
"Critical Infrastructure underpins the delivery of goods and services that are essential to the Australian way of life, our nation's wealth and prosperity, and national security," Dutton said.
"While Australia has not suffered a catastrophic attack on our critical infrastructure, we are not immune. Australia is facing increasing cybersecurity threats to essential services, businesses, and all levels of government."
While Dutton said owners and operators of critical infrastructure are best placed to deal with such threats, he said it takes a team effort to bring about positive change.
The Bill seeks to amend the Security of Critical Infrastructure Act 2018 to implement "an enhanced framework to uplift the security and resilience of Australia's critical infrastructure".
It extends the application of the Act to communications, transport, data and the cloud, food and grocery, defence, higher education, research, and health.
The Bill introduces a positive security obligation for critical infrastructure entities, supported by sector-specific requirements and mandatory reporting requirements to the Australian Signals Directorate (ASD); enhanced cybersecurity obligations for those entities most important to the nation; and government assistance to entities in response to significant cyber attacks on Australian systems.
Dutton on Thursday said the obligation to adopt and comply with a risk management program is designed to uplift core security practices of critical infrastructure assets by "ensuring entities take a holistic and proactive approach to identifying, preventing, and mitigating risks".
The purpose of the framework requiring ASD reporting, he said, is to establish a "comprehensive understanding of the cybersecurity risks to critical infrastructure assets".
"Through greater awareness,