Australia launches critical infrastructure security reforms
Part 1: find out who owns what. Part 2: get them to take security seriously ... or else
Sysadmin-in-chief of Australia's telecommunications industry, Attorney-General George Brandis, has released plans to anoint himself in a similar role in other critical infrastructure sectors, starting with an ownership register.
Australia's government has announced a consultation into its Security of Critical Infrastructure Bill, with submissions open until November 10 2017.
Identifying who owns and who operates critical infrastructure is a big part of the proposed bill. The explanatory memorandum [PDF] notes that if the government doesn't know who ultimately owns an infrastructure asset, it's difficult to get information it believes it needs to protect the asset.
The bill would create a register of who owns, operates, or has access to an asset, something the memorandum said is often treated as commerical-in-confidence.
The government says it intends to regulate 100 individual assets, imposing different regulatory requirements on people or organisations it identifies as “direct interest holders” and “responsible entities”.
Outsourcing arrangements will also be listed on the same register, and those on the register will have six months to notify the government of changes.
The bill also proposes a “Last Resort Power”, letting the Attorney General's Department to “mitigate significant national security risks” identified in critical infrastructure where there's no other approach available to the government. ?