Critical Infrastructure SOCI: all you need to know
Australia’s Cyber Security Strategy 2020
On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020.
The Australian Cyber Security Strategy 2020 will invest $1.67 billion over 10 years to achieve our vision of creating a more secure online world for Australians, their businesses and the essential services upon which we all depend. It will be delivered through:
- Action by governments to strengthen the protection of Australians, businesses and critical infrastructure from the most sophisticated threats.
- Action by businesses to secure their products and services and protect their customers from known cyber vulnerabilities.
- Action by the community to practice secure online behaviours and make informed purchasing decisions.
While this Strategy is an Australian Government initiative, we recognise the essential role of state, territory, local governments, businesses, academia, international partners and the broader community in strengthening Australia’s cyber security. Every part of government, business and the community has a role to play in implementing the Cyber Security Strategy 2020.
The Security of Critical Infrastructure (SOCI) Act in Australia is particularly important for companies in the critical sector and their vendors. This Act plays a crucial role in safeguarding Australia’s critical infrastructure from threats, especially in the context of the increasingly sophisticated cybersecurity landscape. Here are the key reasons for its importance:
Enhanced Protection of Critical Infrastructure: The SOCI Act focuses on protecting essential services and infrastructure that are critical to Australia’s national security, economy, and public safety. These include sectors like energy, water, transport and communications, and coverage now also extends to other sectors deemed critical.
Addressing Evolving Cyber Threats: With the rise in cyber threats, especially state-sponsored and sophisticated cyber-attacks, the Act provides a framework for the Australian government and critical infrastructure providers to collaborate and respond effectively to these threats.
Mandatory Reporting Obligations: The Act imposes mandatory reporting obligations for critical infrastructure entities. This ensures timely sharing of threat information, aiding in quick response and mitigation of potential security incidents.
Risk Management Programs: Companies are required to develop and maintain comprehensive risk management programs. This drives a proactive approach to identifying and mitigating risks, including cyber risks, thereby enhancing overall resilience.
Vendor Responsibilities: Vendors providing services to critical infrastructure entities also come under scrutiny. They are required to adhere to certain security standards and practices, ensuring that the supply chain does not become a vulnerability.
Government Assistance and Intervention: The Act allows for government assistance in the event of significant cyber incidents. This includes providing resources and support to respond to and recover from major attacks.
Legal and Financial Implications: Non-compliance with the SOCI Act can lead to legal and financial repercussions. Therefore, understanding and complying with the Act is crucial for businesses in the critical sector and their vendors.
Expanded Sector Coverage under the Amended SOCI Act
Protecting Critical Infrastructure and Systems of National Significance
Security Legislation Amendment (Critical Infrastructure) Bill 2020
On 10 December 2020, the Minister for Home Affairs introduced the Security Legislation Amendment (Critical Infrastructure) Bill 2020 to Parliament.
The Bill seeks to amend the Security of Critical Infrastructure Act 2018 and expand its coverage from four sectors (electricity, gas, water and ports) to the following eleven critical infrastructure sectors:
- Communications
- Financial services and markets
- Data storage or processing
- Defence industry
- Higher education and research
- Energy
- Food and grocery
- Health care and medical
- Space technology
- Transport
- Water and sewerage
The amendments to the Security of Critical Infrastructure Act 2018 approved on 2 Dec 2021 are provided here: https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/security-coordination/security-of-critical-infrastructure-act-2018-amendments