You are here

Australia

Country:
Survey Answer:

Yes. The Security of Critical Infrastructure Act 2018 (Cth) (SCI Act) was passed on 11 April 2018 and will come into force in Australia on 11 July 2018. The SCI Act will apply to operators of critical infrastructure assets in the following sectors:
• Electricity;
• Gas;
• Water;
• Ports; and
• Telecommunications.
The focus of the SCI Act is the protection of critical infrastructure assets from national security risks of espionage, sabotage and coercion. The SCI Act does not specifically relate to IT security, but some obligations under the SCI Act may involve IT security generally. In particular, under the SCI Act, the relevant Minister can, under certain circumstances, direct an operator of a critical infrastructure asset to do, or refrain from doing, an act or thing in order to address a security risk to a critical infrastructure asset. For example, the Minister may issue a direction for the entity to implement extra cyber security measures to prevent unauthorized access to the asset’s control network, or to move currently stored offshore operating data to a more secure data storage provider.

Provided By:
Phil Catania: Corrs Chambers Westgarth