What you need to know about Australia’s critical infrastructure reforms

/in


As the cyber threat landscape continues to evolve, the key message of the 2023-2030 Australian Cyber Security Strategy (Strategy) is clear: business cyber resilience is an urgent national priority.

The Strategy seeks to strike a balance been fostering close collaboration between government and industry but, at the same time, cracking down on businesses that are not cyber-ready. While certain legislative reforms have been proposed, including to the Security of Critical Infrastructure Act 2018 (SOCI Act), no economy-wide cyber laws have been proposed at this stage. Further industry consultation will be conducted prior to the introduction of substantive reforms.

Overview and implementation

On 22 November 2023, the Minister for Home Affairs and Cyber Security, the Hon Clare O’Neil MP, released the Strategy. The Government has an ambitious goal of making Australia ‘the most cyber secure nation by 2030’ by putting almost $600 million towards implementing six ‘Cyber Shields’:

  1. Strong businesses and citizens.
  2. Safe technology.
  3. World-class threat sharing and blocking.
  4. Protected critical infrastructure.
  5. Sovereign capabilities.
  6. Resilient region and global leadership.

The Strategy directly responds to Government concerns following significant data breaches that have occurred over the past 18 months, including gaps in regulations as well as a lack of industry reporting and consultation. Initial indications are that the Strategy is being well received by business and the broader cyber security community as a comprehensive response to the evolving threat landscape. The different layers of the Strategy deal with everything from protecting critical infrastructure and growing Australia’s skilled cyber security workforce to working with international partners and introducing new regulatory reforms with a focus on close collaboration between government and industry.

The Strategy will be implemented across three stages or ‘horizons’:

  • Horizon 1: The strengthening of foundations from 2023-2025.
  • Horizon 2: Scaling of cyber maturity across the whole economy from 2026-2028.
  • Horizon 3: Becoming a world leader in cyber security by 2030.

Core law reforms on new cyber obligations, streamlined…

Source…