Australia launches critical infrastructure security reforms

Part 1: find out who owns what. Part 2: get them to take security seriously ... or else


Sysadmin-in-chief of Australia's telecommunications industry, Attorney-General George Brandis, has released plans to anoint himself in a similar role in other critical infrastructure sectors, starting with an ownership register.

Australia's government has announced a consultation into its Security of Critical Infrastructure Bill, with submissions open until November 10 2017.

The proposed legislation, here, would initially cover the electricity, water, ports, and telecommunications sector (the latter also covered by reforms brought to parliament in July).

Identifying who owns and who operates critical infrastructure is a big part of the proposed bill. The explanatory memorandum [PDF] notes that if the government doesn't know who ultimately owns an infrastructure asset, it's difficult to get information it believes it needs to protect the asset.

The bill would create a register of who owns, operates, or has access to an asset, something the memorandum said is often treated as commerical-in-confidence.

The government says it intends to regulate 100 individual assets, imposing different regulatory requirements on people or organisations it identifies as “direct interest holders” and “responsible entities”.

Outsourcing arrangements will also be listed on the same register, and those on the register will have six months to notify the government of changes.

The bill also proposes a “Last Resort Power”, letting the Attorney General's Department to “mitigate significant national security risks” identified in critical infrastructure where there's no other approach available to the government. ®


Keep Reading

Back when the huge shocking thing that felt like the end of the world was Australia on fire, it turns out telcos held up all right

Or as well as they could once the power went out - yet report says reliance on electricity isn't a resilience issue

UK electricity and gas regulator Ofgem puts up £30m 'to respond to urgent requests to complete projects'

Also tasked with 'resolving system failures', and that's engineers, biz bods, devs, infoseccers and more

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

Bring-your-own-key may no longer be enough for EU data protection body

Sunday: Australia is shocked UK would consider tracking mobile data to beat pandemic. Monday: Australia to deploy drone intimidation squads

Updated Bloody poms are full of great ideas

Zoom-er or later, your past catches up with you: Vid chat service hit by sueball over end-to-end encryption claim

US consumer nonprofit alleges it was false advertising

Will there be no end to govt attempts to break encryption? Hand over your data or the kiddies get it, threaten Five Eyes spies

Column The Great Unicorn Prayer of security services: Stay secure, but - ya know - give us backdoors

Australia to track coronavirus encounters with payment card records

Plan calls to link government data across jurisdictions, even sharing airline records to track outbreaks and people who may be at risk of infection

Epic Games brings its Fortnite fight with Apple to Australia

+Comment Why Australia? Because it’s currently running an inquiry into app store monopolies, that's why

Biting the hand that feeds IT © 1998–2020