cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Government tables cyber security reforms

Expanding the definition of critical infrastructure and the introduction of an incident reporting regime are among new cyber security reforms introduced into parliament.

user icon Charbel Kadib
Wed, 20 Oct 2021
Government tables cyber security reforms
expand image

The Coalition government has tabled reforms to the Security Legislation Amendment (Critical Infrastructure) Bill 2020, designed to improve nationwide responses to cyber attacks on critical infrastructure.

Reforms include the provision of government assistance to industry as a last resort – subject to “appropriate limitations”.

According to Minister for Home Affairs Karen Andrews, emergency assistance or directions would be provided immediately before, during or after a significant cyber security incident to “mitigate and restore essential services”.


“These emergency measures will only apply in circumstances where a cyber attack is so serious it impacts the social or economic stability of Australia or its people, the defence of Australia or national security and industry is unable to respond to the incident,” the minister added.

Other reforms include the introduction of a cyber-incident reporting regime for critical infrastructure assets and expanding the definition of critical infrastructure.

If the proposals are ratified, the expanded definition would include:

  • energy;
  • communications;
  • financial services;
  • defence industry;
  • higher education and research;
  • data storage or processing;
  • food and grocery;
  • health care and medical;
  • space technology;
  • transport; and
  • water and sewerage sectors.

Minister Andrews said the amendments are priority areas for the government, forming part of a broader push to bolster cyber resilience.

“The Morrison government is committed to protecting Australia’s critical infrastructure to secure the essential infrastructure and services all Australian’s rely on – everything from electricity and water to health care and groceries,” Minister Andrews said.

“Recent cyber attacks and security threats to critical infrastructure, both in Australia and overseas, make these reforms critically important.

“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world.”

The minister also noted the importance of strengthening collaboration between public and private sector stakeholders.

“Attacks on our critical infrastructure require a joint response, involving government, business and individuals, which is why we are asking critical infrastructure owners and operators to help us help them by reporting cyber incidents to the Australian Cyber Security Centre.

“Implementing these reforms now will allow the government to continue to work with critical infrastructure entities to develop supporting rules to ensure that the second phase of reforms is implemented in a manner that secures appropriate outcomes without imposing unnecessary or disproportionate regulatory burden.”

The introduction of these new amendments come just a week after the government proposed new criminal offences, tougher penalties and a mandatory reporting regime as part of a new and comprehensive Ransomware Action Plan.

Proposals include:

  • Introducing a new stand-alone aggravated offence for all forms of cyber extortion;
  • introducing a new stand-alone aggravated offence for cyber criminals seeking to target critical infrastructure;
  • criminalising the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence;
  • criminalising the buying or selling of malware for the purposes of undertaking computer crimes; and
  • modernising legislation to ensure that cyber criminals won’t be able to realise and benefit from ill-gotten gains.

The government also plans to develop a mandatory ransomware incident reporting regime for businesses with a turnover exceeding $10 million per annum.

[Related: Tough new laws to protect Australians against ransomware]

Charbel Kadib

Charbel Kadib

News Editor – Defence and Security, Momentum Media

Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.