New rules for IT reporting
The Federal Government has rolled out new powers that will require infrastructure managers to detail their IT environments.
The Security of Critical Infrastructure Act 2018 has come into force, introducing new measures to secure around 165 of the “highest-risk critical infrastructure assets”, such as electricity, water, gas and port infrastructure.
The bill means owners and operators are now required to provide information about who owns and controls their assets, including outsourced or offshore providers.
They must inform the government of the level to which the infrastructure operator can access its networks and systems.
Operators have until January 11, 2019 to hand over the information, and have just 30 days to update that information when circumstances change.
New ministerial and information-gathering powers allow the government to tell asset operators to fix security holes, or give up specific information such as procurement plans, contracts, and tender documentation.
Minister for Home Affairs Peter Dutton said it is an “essential step” given the complex national security risks faced across the country.
“While foreign involvement in Australia’s infrastructure and economy is welcomed, it does mean our critical infrastructure assets are potentially more exposed than ever,” Mr Dutton said.
“The Act establishes a register, providing government visibility of who owns and controls the highest-risk critical assets and is based on public consultations involving more than 300 owners and operators and state governments.”