Australia’s government has passed the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 (SLACIP Bill), the second tranche of critical infrastructure cyber laws, after the parliamentary body (PJCIS) reviewed and supported the amendments. The bill aims to increase the country’s defences against cyber threats originating from nation states and other criminals. Organisations that are deemed critical to the nation’s infrastructure must adhere to increased cybersecurity obligations and risk management programmes.
One of the key requirements of the bill is the enhanced scrutiny of installing third-party software. This has come under scrutiny by industry leaders and representatives, but the Australian Signals Directorate (ASD) said it would enforce this carefully and would consider the organisation’s cybersecurity posture before making any calls in this regard.
As the Bill’s requirements are still a “work in progress”, the committee is actively engaging in further consultation with critical infrastructure industry representatives, relevant bodies, and trade unions for additional feedback on the Bill’s risk management process as well as continuing industry roundtables. They acknowledged that the hardening of critical systems is a collaborative effort between government and industry that is necessary to counter the increase in sophisticated, large-scale cyber attacks.
Once the Bill receives Royal Assent, it will undergo an independent review one year later to assess its effectiveness and address any concerns. The Bill should remain fit for purpose and proportionate to the threat environment if it is to be considered a success. Australia’s government hopes this second tranche of laws will help to create a standardised critical infrastructure framework for the nation’s intelligence agencies. This Bill sits alongside Australia’s ransomware action plan in its attempts to strengthen the nation’s cybersecurity position.