The Parliamentary Joint Committee on Intelligence and Security has commenced a review into the Security Legislation Amendment (Critical Infrastructure) Bill 2020. The bill review was referred to the Committee by the Attorney-General, the Hon Christian Porter MP.
The Bill is introduced to amend and build on the existing regulatory regime created by the Security of Critical Infrastructure Act 2018 (the Act) to enhance security and resilience of critical infrastructure assets and systems of national significance. Expansion of the concepts to include systems of national significance is intended to widen the regime to address threats such as natural disasters and cyber-attacks.
The Bill seeks to achieve this expansion by amending the Act to:
- identify critical infrastructure assets across 11 industry sectors (increased from the current 4 sectors);
- establish positive security obligations for critical infrastructure assets, including to adopt and maintain a critical infrastructure risk management program (to be delivered through sector-specific requirements) and mandatory cyber incident reporting;
- introduce enhanced cyber security obligations to ensure Government and industry can work collaboratively to strengthen the cyber preparedness and resilience of entities that operate assets of the highest criticality to Australia's national interests (defined as systems of national significance); and
- provide Government with the necessary and proportionate powers to be exercised as a last resort in circumstances where a cyber security incident has, is, or is likely to impact a critical infrastructure asset and Australia's national interest.
Statutory review of the Act
As a result of a recommendation in the Committee’s Advisory Report on the Security of Critical Infrastructure Bill 2017, section 60A of the Act requires the Committee to commence a review into the operation, effectiveness and implications of the reforms introduced in the Act by 11 April 2021.
As the Bill being referred amends the regime provided for by the Act, which would be reviewed as per section 60A, the Attorney-General suggested that the Committee commence the statutory review in conjunction with the Bill review, especially in relation to “the requirement at paragraph 60A(l)(b) noting that the Bill seeks to amend the SOCI Act to capture additional assets as critical infrastructure assets. This requires the Committee to consider the appropriateness of a unified scheme to cover all critical infrastructure assets”.
The Committee agrees with this contention, and has launched the statutory review of the Security of Critical Infrastructure Act 2018 in conjunction with the Bill review.
As per section 60A of the Act, the review will analyse the operation, effectiveness and implications of the Act; and:
- consider whether it would be appropriate to have a unified scheme that covers all infrastructure assets (including telecommunication assets) that are critical to:
(i) the social or economic stability of Australia or its people; or
(ii) the defence of Australia; or
(iii) national security; and
- review the circumstances in which any declarations have been made under Part 6 of this Act (declarations of assets by the Minister); and
- report the Committee’s comments and recommendations to each House of the Parliament.
Interaction with the Review of Part 14 of the Telecommunications Act 1997 – Telecommunications Sector Security Reforms
The Committee is currently undertaking the Review of Part 14 of the Telecommunications Act 1997 – Telecommunications Sector Security Reforms (TSSR) and is encouraging submitters to the above reviews to consider the TSSR review in potential submissions, as the proposed expansions from the Bill include the telecommunications sector as a critical infrastructure asset. This has the potential to impact on the regime being already reviewed by the Committee, so therefore the Committee may seek evidence and consider shared issues regarding all three reviews concurrently.
Making a submission
The Committee invites written submissions addressing any or all of the areas of focus for the Committee’s reviews. Submissions should clearly identify which areas of focus are being addressed. Prospective submitters are advised that any submission to the Committee’s reviews must be prepared solely for the review and should not be published prior to being accepted by the Committee. Documents do not attract parliamentary privilege until they are accepted by the Committee.
Submissions are requested by 12 February 2021. Submitters may wish to address both reviews in the one submission if the separation between the two scopes and interrelated elements are clearly identified in the submission.
Further information about making a submission to a parliamentary committee inquiry is available here.