NewsBite

National security clampdown on cyber defences

Companies, institutions will need to co-operate with national security agencies under sweeping critical infrastructure laws.

‘The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our economy, security and sovereignty’: Home Affairs Minister Peter Dutton. Picture: Josh Woning

Companies and institutions across the banking, finance, defence, communications, food and grocery and higher education sectors will be obliged to strengthen their cyber defences and co-operate with national security agencies in repelling malicious attacks under sweeping critical infrastructure laws.

Amid increasing threats from state-based actors and transnational criminal organisations targeting Australian governments, energy and water operators, companies and universities, the Morrison government is moving to implement the nation’s biggest critical infrastructure shake-up.

An exposure draft of the Security Legislation Amendment (Critical Infrastructure) Bill, released on Monday, includes new step-in powers allowing national security agencies to actively disrupt and repel cyber attackers.

The critical infrastructure framework will also extend regulatory security obligations outside the electricity, gas, water and maritime sectors.

An enhanced definition of critical infrastructure, aimed at avoiding “catastrophic” disruption to our economy and security, will cover the banking and finance, food and grocery, health, transport, energy, water, communications, space, data and the cloud, higher education, research, and defence industry sectors.

Home Affairs Minister Peter Dutton said the government would work with impacted sectors to implement its plan to secure essential services “without imposing an unnecessary regulatory burden”.

“The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our economy, security and sovereignty and industry will be important to the success of these reforms,” he said.

High-profile cyber attacks in the past two years have targeted federal parliamentary networks, water services, airports, logistics companies and universities.

Telstra chief Andy Penn working from home. Aaron Francis/The Australian

There has also been an increased focus on health sector organisations and medical research facilities, which are considered vulnerable to cyber attacks.

While the government has avoided naming state-based actors targeting Australian interests, China has been widely blamed for industrial-scale cyber attacks, which escalated during the pandemic.

Telstra chief executive Andy Penn, chair of the Cyber Security Strategy Industry Advisory Panel, said the draft legislation followed a “consistent approach that focuses on building the nation’s resilience and security in response to expanding cyber threats”, while minimising “duplication of existing obligations and supporting a level playing field for our economy”.

“We need these systems to remain secure and resilient to ensure we are able to maintain our social and economic interconnectedness and bounce back post-COVID,” Mr Penn said.

Cyber Security Co-operative Research Centre chief executive Rachael Falk said the changes were essential to ensure Australia remained a “safe and trusted place to do business”.

“We know state-based actors and sophisticated criminal syndicates are increasingly looking to exploit any weakness,” she said.

Ms Falk, who is working with Mr Penn on the advisory panel, said up to 80 per cent of ASX-listed companies could potentially be impacted by the government’s reforms. “That is just ASX-listed companies; across the entire economy, a multitude of businesses will be involved. Given the increasingly connected and digitised nature of critical infrastructure, the need and expectation of critical infrastructure entities to manage cyber risks effectively is paramount,” she said.

The security reforms include positive security obligations, enforcing baseline protections against “all hazards for critical infrastructure and systems, implemented through sector-specific standards proportionate to risk”.

Under cyber security obligations, the government can request information contributing to “a near real-time national threat picture” and require entities to support the “co-development of a scenario-based ‘playbook’ that sets out response arrangements”.

The government’s intervention powers include bringing systems back online to restore normal functions, and accessing, analysing and modifying networks (including installing, searching or temporarily bringing a service or network offline to protect it from malicious activity).

Critical infrastructure entities will be subject to varying aspects of the reforms. The Australian understands measures will increase scrutiny of company boards.

Geoff Chambers, Chief Political Correspondent

Geoff Chambers is The Australian’s Chief Political Correspondent. He was previously The Australian’s Canberra Bureau Chief and Queensland Bureau Chief. Before joining the national broadsheet he was News Editor at The Daily and Sunday Telegraphs and Head of News at the Gold Coast Bulletin. As a senior journalist and political reporter, he has covered budgets and elections across the nation and worked in the Queensland, NSW and Canberra press galleries. He has covered major international news stories for News Corp, including earthquakes, people smuggling, and hostage situations, and has written extensively on Islamic extremism, migration, Indo-Pacific and China relations, resources and trade.


Original URL: https://www.theaustralian.com.au/nation/politics/national-security-clampdown-on-cyber-defences/news-story/07d6ec48d278454f2bb20c7a8b4930fa