Security Legislation Amendment (Critical Infrastructure) Act 2021 (124 of 2021)

Schedule 1   Security of critical infrastructure

Part 1   General amendments

Security of Critical Infrastructure Act 2018

6   Section 4

Repeal the section, substitute:

4 Simplified outline of this Act

This Act creates a framework for managing risks relating to critical infrastructure.

The framework consists of the following:

(a) the keeping of a register of information in relation to critical infrastructure assets (the register will not be made public);

(c) requiring notification of cyber security incidents;

(e) requiring certain entities relating to a critical infrastructure asset to provide information in relation to the asset, and to notify if certain events occur in relation to the asset;

(f) allowing the Minister to require certain entities relating to a critical infrastructure asset to do, or refrain from doing, an act or thing if the Minister is satisfied that there is a risk of an act or omission that would be prejudicial to security;

(g) allowing the Secretary to require certain entities relating to a critical infrastructure asset to provide certain information or documents;

(h) setting up a regime for the Commonwealth to respond to serious cyber security incidents;

(i) allowing the Secretary to undertake an assessment of a critical infrastructure asset to determine if there is a risk to national security relating to the asset.

Certain information obtained or generated under, or relating to the operation of, this Act is protected information. There are restrictions on when a person may make a record of, use or disclose protected information.

Civil penalty provisions of this Act may be enforced using civil penalty orders, injunctions or infringement notices, and enforceable undertakings may be accepted in relation to compliance with civil penalty provisions. The Regulatory Powers Act is applied for these purposes. Certain provisions of this Act are subject to monitoring and investigation under the Regulatory Powers Act. Certain provisions of this Act may be enforced by imposing a criminal penalty.

The Minister may privately declare an asset to be a critical infrastructure asset.

The Secretary must give the Minister reports, for presentation to the Parliament, on the operation of this Act.