Summary
Introduced with the Cyber Security Bill 2024 and Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 to implement certain measures proposed by the 2023-2030 Australian Cyber Security Strategy, the bill amends the: Security of Critical Infrastructure Act 2018 to: clarify obligations in relation to certain data storage systems that store or process business critical data; expand the government assistance framework to facilitate the management of consequences of impacts of incidents on critical infrastructure assets; amend the definition of ‘protected information’ to include a harms-based assessment and non-exhaustive list of relevant information; clarify the use and disclosure of protected information; enable the regulator to direct an entity to remedy a seriously deficient risk management program; consolidate security requirements for critical telecommunications assets; remove direct interest holders from reporting obligations associated with Systems of National Significance. Also makes consequential or contingent amendments to 5 Acts.