cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Home Affairs, ASD to weigh in on new critical infrastructure bill

A parliamentary committee will be held on Thursday to discuss the government’s latest efforts to bolster cyber resilience.

user icon Charbel Kadib
Thu, 29 Jul 2021
Home Affairs, ASD to weigh in on new critical infrastructure bill
expand image

The Parliament’s intelligence and security committee will convene this afternoon (Thursday, 29 July) for its fourth public hearing as part of its reviews of the proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020 and the Security of Critical Infrastructure Act 2018.

Representatives from both the Department of Home Affairs and the Australian Signals Directorate (ASD) are set to appear before the committee to address evidence presented by industry and subject matter experts during the consultation process.

“The committee has heard from a wide range of independent experts and entities proposed for regulation by the Bill and the existing regime,” senator James Paterson, chair of the committee, said.


“The committee has heard important evidence, not just on how these laws may impact critical infrastructure service providers and their customers, but also on the scale of the cyber threat from both criminal and state actors.”

Senator Paterson noted that evidence presented by Home Affairs and the ASD would help inform the committee’s forthcoming report and recommendations,

The ‘Protecting Critical Infrastructure and Systems of National Significance’ reforms were introduced as part of the Security Legislation Amendment (Critical Infrastructure) Bill 2020, in a bid to enhance the nation’s data sovereignty.

A new Hosting Strategy, overseen by the Digital Transformation Agency (DTA), has also been established, requiring all government data to be stored in onshore data centres with ‘Certified Strategic’ or ‘Certified Assured’ accreditation.

The framework also requires government data to be managed by cloud and managed service providers based in Australia, in a bid to bolster government controls across supply chains.

However, some stakeholders, including David Tudehope, CEO of Macquarie Telecom Group, do not believe the reforms go far enough.

Tudehope has urged the Commonwealth government to expand reforms to include safeguards for data stored overseas, referencing the US CLOUD Act, which extends jurisdiction over all data in the possession or control of American cloud providers, irrespective of location.

He claimed that under its current form, the proposed legislation creates a “perverse incentive” for critical infrastructure providers to relocate business data stores offshore to bypass regulation.

To address this, Tudehope has proposed that a critical infrastructure provider’s data be treated as a critical asset regardless of whether it’s managed in-house, hosted by a third party or located offshore.

“Ensuring this data is always stored and secured in Australia will not in itself prevent it from being targeted or compromised. But if Australia’s laws and authorities are to help secure and defend Australia’s critical data, it must first be brought within the new security regulatory regime,” he said.

“To do otherwise is to surrender our sovereignty over data when it has never mattered more.”

Charbel Kadib

Charbel Kadib

News Editor – Defence and Security, Momentum Media

Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.