TLDR:
Key points:
- Important compliance dates approaching for critical infrastructure assets under the Security of Critical Infrastructure Act.
- Responsible entities must adhere to specific cyber security frameworks and submit mandatory annual reports.
Summary of Article:
As the compliance dates under the Security of Critical Infrastructure Act approach, responsible entities for critical infrastructure assets must ensure they meet the necessary requirements. By 17 August 2024, these entities must have a Critical Infrastructure Risk Management Program (CIRMP) in place and comply with one of the specified cyber security frameworks. The framework options include ISO 27001, Essential Eight maturity level one, NIST's Framework for Improving Critical Infrastructure Cybersecurity, and others. Additionally, by 28 September 2024, responsible entities are required to submit mandatory annual reports on their CIRMPs covering the previous financial year. Failure to comply may result in fines of up to $234,750. Responsible entities exempted from preparing a CIRMP must still submit an annual report explaining their exemption status. The Department of Home Affairs is transitioning from an educational approach to enforcement and is emphasizing the importance of meeting these compliance requirements, signaling a stricter stance on compliance.