Critical Infrastructure SOCI: All You Need to Know
Australia’s Cyber Security Strategy 2020
On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020.
The Australian Cyber Security Strategy 2020 will invest $1.67 billion over 10 years to achieve our vision of creating a more secure online world for Australians, their businesses and the essential services upon which we all depend. It will be delivered through:
- Action by governments to strengthen the protection of Australians, businesses and critical infrastructure from the most sophisticated threats.
- Action by businesses to secure their products and services and protect their customers from known cyber vulnerabilities.
- Action by the community to practice secure online behaviours and make informed purchasing decisions.
While this Strategy is an Australian Government initiative, we recognise the essential role of state, territory, local governments, businesses, academia, international partners and the broader community in strengthening Australia’s cyber security. Every part of government, business and the community has a role to play in implementing the Cyber Security Strategy 2020.
The Security of Critical Infrastructure (SOCI) Act in Australia is particularly important for companies in critical infrastructure sectors and their vendors. This Act plays a crucial role in safeguarding Australia’s critical infrastructure from threats, especially in the context of the increasingly sophisticated cybersecurity landscape. Here are the key reasons for its importance:
The SOCI Act focuses on protecting essential services and infrastructure that are critical to Australia’s national security, economy, and public safety. These include sectors like energy, water, transport, and communications, and coverage now also extends to other sectors deemed critical.
With the rise in cyber threats, especially state-sponsored and sophisticated cyber-attacks, the Act provides a framework for the Australian government and critical infrastructure providers to collaborate and respond effectively to these threats.
The Act imposes mandatory reporting obligations for critical infrastructure entities. This ensures timely sharing of threat information, aiding in quick response and mitigation of potential security incidents.
Companies are required to develop and maintain comprehensive risk management programs. This drives a proactive approach to identifying and mitigating risks, including cyber risks, thereby enhancing overall resilience.
Vendors providing services to critical infrastructure entities also come under scrutiny. They are required to adhere to certain security standards and practices, ensuring that the supply chain does not become a vulnerability.
The Act allows for government assistance in the event of significant cyber incidents. This includes providing resources and support to respond to and recover from major attacks.
Non-compliance with the SOCI Act can lead to legal and financial repercussions. Therefore, understanding and complying with the Act is crucial for businesses in critical infrastructure sectors and their vendors.
Expanded Sector Coverage under the Amended SOCI Act
Protecting Critical Infrastructure and Systems of National Significance
Security Legislation Amendment (Critical Infrastructure) Bill 2020
Source – homeaffairs.gov.au
On 10 December 2020, the Minister for Home Affairs introduced the Security Legislation Amendment (Critical Infrastructure) Bill 2020 to Parliament.
The Bill seeks to amend the Security of Critical Infrastructure Act 2018 and expands its coverage from four sectors (electricity, gas, water and ports) to the following eleven critical infrastructure sectors: