ABSIA contributed a submission to the Review of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and Statutory Review of the Security of Critical Infrastructure Act 2018 on 12 February 2021.
This submission outlined some concerns arising from the Security Legislation Amendment (Critical Infrastructure) Bill 2020 - Explanatory Memorandum and other materials associated with the review. These included:
- While some industries have been making significant progress with improving their cyber resilience, other industry have lagged behind meaning these changes will be quite significant to implement;
- Any changes to security requirements, as a result of assets being impacted on by the proposed legislation, should be done in consultation with the appropriate industry and its representatives;
- More thought needs to be given to making the costs of meeting the proposed reforms affordable for smaller organisations;
- It would be unacceptable for the participants and/or owners of critical infrastructure to have to bear the responsibility for action taken by the Government during an intervention; and
- It should be made clear early on whether funding will be available to critical infrastructure assets to assist in their recovery after a cyber incident, especially where the Government has intervened.
Overall, ABSIA showed support for this review especially considering the impact of COVID-19 and the reliance on infrastructure that fell outside of the current critical infrastructure definition.
A copy of this submission can be accessed here.