On 31 January 2022, the AICD lodged a submission with the Home Affairs Department in response to the Exposure Draft of the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 (the Bill) and separately the proposed Security of Critical Infrastructure (Application) Rules 2021. The Bill would amend the Security of Critical Infrastructure Act 2018 (Cth) (the Act).
The submission noted that a large number of entities across an expanded list of industries will be subject to the extensive existing and proposed obligations under the Act, including Government intervention and directions powers. In the context of this expansion, and the importance of protecting Australia’s key assets and infrastructure, the AICD encouraged the Government to provide extensive guidance and support to entities to meet the objectives of the reforms.
The key points the AICD made in relation to the Bill were:
- Support for the principles-based drafting of the Risk Management Program obligations and the flexibility provided to entities to utilise existing risk management requirements to meet the obligations. We recommended extensive guidance and support for entities and directors in understanding the requirements and understanding better practice expectations.
- Support for the proposed expanded statutory immunity provisions.
- Recommended further work across government to find opportunities to align and/or harmonise existing and proposed cyber security reporting obligations.
You can read a copy of the submission here.