The Australian Government has released an arguably rushed exposure draft to the Security Legislation Amendment (Critical Infrastructure) Bill in an attempt to take charge in situations of national cyberattacks.
This amendment is designed to alter the Security of Critical Infrastructure Act 2018 (Cth) by broadening the application of current legislation to, amongst other things, communications, data storage or processing, and space technology, as well as general infrastructure industries such as medical, financial, defence and education. In this sense, a greater level of security is to be imposed upon these “systems of national significance”, even permitting government intervention during incidents of significant cyberattacks.
Many universities, companies and tech conglomerates have raised red flags over this proposed Bill, principally due to the scrutinising obligations that businesses will be forced to implement. Businesses in the noted sectors will be subject to positive security obligations, risk management programs, and mandatory monitoring, with the Australian Government adopting specific powers to direct sensitive information or require the specific performance of certain acts or omissions in situations where there is a material risk to the social or economic stability of Australia or its people, or the defence of Australia, or its national security.
The Law Council of Australia has argued that the rushed consultations ‘are likely to intrude significantly on business interests and individual rights and liberties’, especially in the Government’s ability to take control over a firm and alter the use of sensitive data. Accordingly, the Australian Information Industry Association has voiced its concern over accurate definitions regarding data and cloud storage and the general consensus centres around the fact that the timeline for this amendment is moving without thorough assessment or proper consideration as to social and economic impacts and risks that this reform may have.
For sectors that are concerned about the new obligations, the Australian Government is presently accepting public submissions until 27 November 2020. Additionally, it is hosting two virtual town hall meetings on 16 and 19 November 2020 to discuss the proposed law.
For further reading see ‘Security Legislation Amendment (Critical Infrastructure) Bill 2020’.