At the end of last year, Australia’s Security Legislation Amendment (Critical Infrastructure) Act 2021 became law to give government “last resort” powers to direct an entity when responding to cyber attacks, which included introducing a cyber-incident reporting regime for critical infrastructure assets.
Those laws were originally drafted to be wider in scope, with Home Affairs proposing other obligations for organisations within critical infrastructure sectors.
Provisions seeking to enshrine those obligations were eventually set aside, however, with the federal government deciding to follow a recommendation made by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to have those omitted aspects introduced under a second Bill.
Read more…
Source: ZDNet