The Critical Infrastructure Bill - How are you Impacted?

The Security Legislation Amendment (Critical Infrastructure) Bill 2020 is working It's way through parliament and has the potential to significantly change the scope of the security expectations for many organisations. You may have received an abundant amount of information for the Bill and now need to make appropriate amendments.

Murdoch Webster is here to proactively prepare your organisation for the further measures that will occur.

WHAT DO YOU NEED TO PREPARE FOR & HOW CAN WE HELP?

Critical Infrastructure is a heavily relied essential service that is crucial to our way of life. Critical infrastructure is increasingly interconnected and interdependent. Without having the proper protection needed can ultimately create vulnerability that can cause disruption and result in cascading consequences across our businesses, security and economic growth.

The amendments in this Bill will broaden the Critical Infrastructure scope which will include electricity, communications, transport and banking and expand to include food, water, health and finance.

This means that each organisation is required to implement or revisit their Cyber Security Strategy against threats ranging from natural hazards to human induced threats (including unlawful interference, cyber incidents, espionage, chemical or oil spills, and trusted insiders). The interconnected nature of our critical infrastructure means that compromise of one essential function can have a domino effect that degrades or disrupt others.

The revised Critical Infrastructure Bill introduces an 'enhanced regulatory framework'. The strategy identifies three tiers of Critical Infrastructure that carry a different set of obligations which are discussed in detail below.

Any organisation that falls under Tier 1 will need to meet both ‘Positive & Enhanced Cyber Security Obligations’.

Any organisation that falls under Tier 2 will need to meet a ‘Positive Security Obligation’.

Any organisation that falls under Tier 3 will not need to meet additional obligations, however, will need to demonstrate the ability to effectively respond to Cyber Attacks & Protect Critical Infrastructure in a Cyber Emergency.

WHAT DOES THIS BILL MEAN FOR MY ORGANISATION?

Organisation's must now:

Have the ability to swiftly respond to Cyber Threats & promptly notify the Australian Prudential Regulation Authority of any impactful security incidents.
Have a clearly defined Security Framework & Incident Response Plan.
Have clearly defined responsibilities & security roles.
Have up to date & regular Security Vulnerability Assessments to inform on organisations gaps & opportunities to uplift security across People, Process & Tech.
Have a implemented Security Control to protect Critical Infrastructure Assets with regular maintenance to ensure effectiveness of controls.

Click the here to view the Australian Governments proposed changes of the Bill.

Sounds like A LOT! Everyone has a different understanding of Cyber Security and what it means for them. You may be a Tier 2 or 3 company and are unsure what you need to revisit, where you should focus or whether to act now. You may be a Tier 1 client and unsure if you meet the requirements you need to adhere to.

Murdoch Webster can help. We will help you determine what it is required for your organisation, how to proactively prepare & only focus on actions that are required to implement.

We work in partnership with Critical Infrastructure operators to strike a balance between uplifting security & ensuring businesses remain viable, sustainable, accessible & affordable. Strengthened networks, systems & services should be looked upon as an enabler ensuring the most important business functions are resilient during security attacks.