What to Expect from the Updated Australian Security of Critical Infrastructure Act

Best Practice Guide

Cyberattacks against critical infrastructure on the rise

The COVID-19 moment has seen a surge of illegal cyber activity – already by June 2020, attacks had increased by a staggering 400 percent – often perpetrated by opportunistic hackers taking advantage of overwhelmed IT offices as vast swathes of the economy go remote.

However, the coordinated, state-backed attacks against “all levels of government”, announced in June 2020, were orders of magnitude worse: Recent incidents such as compromises of the Australian parliamentary network, university networks and key corporate entities, natural disasters and the impacts of COVID-19 illustrate that threats to the operation of Australia’s critical infrastructure entities continue to be significant.

Nor have these coordinated attacks abated. Indeed, Defence Minister Linda Reynolds decries a “new normal” of persistent cyberattacks on Australia, effectively blurring the lines between “peace and war”. What’s to be done? In releasing the consultation paper, Protecting Critical Infrastructure and Systems of National Significance, the Government is seeking ways to shore up the security of the country’s critical infrastructure.

Although a call for feedback from industry, the paper does signpost proposed regulatory enhancements to the existing Security of Critical Infrastructure Act. Nothing is certain at this juncture. But this guide helps clarify what critical infrastructure owners and operators should expect from an updated Security of Critical Infrastructure Act.

Download the guide to continue reading >>

Download the Free Guide