Image: Asha Barbaschow / ZDNet
of Australia second stage of network rule passed both houses of Congress, meaning entities running “systems of national significance” will soon be subject to enhanced cybersecurity obligations that could force them to install third party software.
Home Affairs Minister Karen Andrews said the legislation would strengthen the security and resilience of Australia’s critical infrastructure.
“Throughout the pandemic, critical sectors of Australia’s infrastructure have been regularly targeted by malicious actors seeking to exploit victims for personal gain, with disregard for the community,” said Andrews. and the essential services we all depend on.
“The Bill builds on the Morrison Government’s strong support for our national security agencies unveiled in the Federal Budget on Tuesday, aimed at making Australia stronger and keeping Australia strong. Australians are safe in an increasingly uncertain world.
Australian parliamentary body tasked with reviewing cyber law back it up behind these laws last week, said that the law would create a standardized critical infrastructure framework to make it easier for governments and industry to approach cyberattacks in a precautionary manner.
The laws, encapsulated in Security Law Amendment Bill (Protection of Critical Infrastructure) Bill 2022, which was originally billed as part of the initial phase of the network law for critical infrastructure entities that was enacted last year. However, they were eventually dropped from the first piece of legislation by the federal government Want more advice? from the industry on how to co-design the critical infrastructure regulatory framework.
Along with enhanced cybersecurity obligations, critical infrastructure reforms will require critical infrastructure entities to maintain a risk management program to identify threats to critical infrastructure assets and their likelihood. In addition, entities will be required to submit an annual report on their risk management program and if there are any hazards that have a significant impact on critical infrastructure assets.
Home Affairs Secretary Mike Pezzullo previously said the average cost of running a risk management program would bring entities back one-time payment of AU$9.7 million to set up the program and an ongoing annual cost of AU$3.7 million.
In terms of the place of important infrastructure reforms in the big picture, the reforms and ransomware action plan will serve as a major regulatory effort by the federal government to strengthen Australia’s cybersecurity position. It’s separate from the proposed new Alliance A$9.9 billion cybersecurity program was announced in the Federal Budget, which mainly focuses on providing additional resources to the Australian Signals Directorate.
RELATED INSURANCE
