Rationale for the Bill
2.1
The stated objective of the Bill is to provide a ‘risk-based regulatory framework to manage national security risks from foreign involvement in Australia’s critical infrastructure’. The Bill focuses primarily on the risk of sabotage, espionage and coercion in ‘Australia’s highest-risk critical infrastructure sectors’ of electricity, gas, ports and water.
2.2
Governments and industry members alike recognise the importance of foreign involvement, in its various forms, in Australia. The Explanatory Memorandum states that
foreign involvement in the economy and in Australia’s infrastructure … plays an important and beneficial role in supporting economic growth, creating employment opportunities, improving consumer choice, and promoting healthy competition, while increasing Australia’s competitiveness in global markets.
2.3
Energy Networks Australia stated:
Many network service providers are owned wholly or partly by foreign entities. Foreign investment in Australian energy networks delivers valuable benefits for Australia’s economy and community, in supporting economic growth, creating employment opportunities, and supporting Australia’s competitiveness in global markets.
2.4
The Northern Territory Government described the particular importance of foreign involvement from the territory’s perspective:
Large scale commercial ventures such as the Inpex gas plant currently under construction are vital to both the Northern Territory economy and the Commonwealth’s developing northern Australia agenda.
2.5
The Explanatory Memorandum indicated that the Australian context has evolved, leading to an increasingly complex national security picture of critical infrastructure:
With increased privatisation, outsourcing and offshoring of supply chain arrangements, and the shift in Australia’s international investment profile, critical infrastructure is more exposed than ever to sabotage, espionage and coercion.
2.6
Witnesses raised similar concerns during the Committee’s inquiry into the Foreign Influence Transparency Scheme Bill 2017 and National Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017. For example, one witness expressed growing concerns, in the international and domestic domain, of foreign intelligence activities in critical infrastructure:
[I]n the United States there's increasing concern from defence and intelligence agencies about the role of Chinese corporations, state-owned and private—private with links to the government or intelligence agencies—gaining a foothold, or more than a foothold, in infrastructure—power, telecommunications and so on.
The same concern is clearly manifest perhaps not quite as much in Australia's defence community but certainly in the intelligence community, and it seems to me and others who understand the objective of the [People’s Republic of China] a really great folly to allow Chinese corporations to get close access to our critical infrastructure.
2.7
The Department of Home Affairs outlined existing efforts to manage national security risks in critical infrastructure:
While longstanding government-business partnerships such as the Trusted Information Sharing Network, TISN, and ASIO's Business and Government Liaison Unit, for example, have been effective in facilitating information sharing and enabling critical infrastructure to manage a wide range of risks as part of their normal business continuity, the risks of sabotage, espionage and coercive influence in critical infrastructure are not as well understood or managed.
2.8
The Explanatory Memorandum states that the Foreign Investment Review Board (FIRB) process assists with managing national security risks in critical infrastructure, but has limitations:
The FIRB process is one existing mechanism through which the Government can implement mitigations. However, this only applies to foreign investments above certain thresholds at the time of the proposed transaction. It is not possible to use it as a mechanism to address risks in outsourcing or offshoring for assets owned by domestic entities or where sales fall outside of the FIRB screening thresholds.
2.9
The Foreign Acquisitions and Takeovers Act 1975 dictates the FIRB process. In some industries, the FIRB does not screen acquisitions that are equal to, or less than, $1,134 million. Acquisitions in ‘sensitive businesses’, as defined by the legislation, can have lower thresholds, depending on the country of the investor and industry of the target business. Sensitive businesses appear to exclude water, gas and electricity, which the Explanatory Memorandum to the Bill describes as ‘highest risk sectors’.
2.10
As stated in Chapter 1, the then Attorney-General advised that the Bill supports the work of the CIC. Since being established in January 2017, the CIC has been working to identify national security risks and develop mitigations in critical infrastructure assets. The Explanatory Memorandum describes the CIC’s approach to identifying and developing risk mitigations:
The Centre aims to build on these [long-standing government-business] partnerships to address the specific national security risks from foreign involvement in critical infrastructure …
Once the Centre has assessed the risks from foreign involvement in an asset, it looks to work collaboratively with the asset owner to develop and implement proportionate mitigations to address the risks.
2.11
The Regulation Impact Statement (RIS) refers to information gaps that have prevented the CIC from achieving this objective:
[T]he Centre cannot undertake a comprehensive risk assessment without understanding how the asset and sector operates and where there may be vulnerabilities. To determine what vulnerabilities may exist, it is essential to have a detailed understanding of who owns, controls and has access to a particular asset … However, critical asset owners often treat this information as commercial-in-confidence and may be reluctant to share with government unless required to do so.
2.12
The Explanatory Memorandum also notes challenges in identifying and understanding ownership, control over, and access to, a critical infrastructure asset:
Further, while ownership is an important aspect, the degree of control and access through outsourcing and offshoring arrangements can also be difficult to establish, as they are often detailed in complex contractual arrangements.
General views on the objectives and development of the Bill
2.13
Broadly, governments and organisations support the underlying national security objectives of the Bill. For example, Energy Networks Australia stated:
Energy Networks Australia recognises that security and resilience of critical infrastructure is necessary to support Australia’s society, economy and future prosperity.
2.14
The South Australian Government stated that it also
supports the intent of the Bill as a mechanism to mitigate against the risks associated with foreign ownership and control.
2.15
Some industry members considered that the Bill’s focus on risks arising from foreign ownership, control and access is too narrow:
The legislation directs that water utilities view foreign ownership as a critical risk, in line with many other normal risks such as extreme weather and failure to supply safe drinking water. This approach appears to support a particular direction, without a robust recognition that the consideration of wider and existing prioritised risks have higher risk ratings and operational impacts.
2.16
Similarly, the Australian Pipelines Gas Association (APGA) stated that while it ‘supports the intent’ of the Bill
APGA is concerned that the function of the CIC is focussed solely on national security risks in respect to foreign involvement. The scope to cover National Security Risks for critical infrastructure should be wider than just foreign involvement.
2.17
The APGA considered that the consultation process during the development of the Bill was ‘not an ideal process’:
We engaged with the Critical Infrastructure Centre first in March last year as the scope of the organisation in this bill was being determined, and they were consulting with a number of infrastructure organisations and infrastructure sectors about which infrastructure should be included in the bill. They reached their conclusions, and in October the draft bill was released, and it covered electricity, ports and water. So we no longer thought that we were part of the first round of consideration for the process, and we didn't pay too much attention to it from there. And then, come the start of November, about 10 business days before the public consultation on the draft bill closed, gas companies started getting emails from the Critical Infrastructure Centre saying that a decision had been made to include gas infrastructure in the draft bill. We have no understanding of the decision-making process that originally decided that gas didn't need to be included in the bill and then subsequently did need to be included in the bill.
2.18
The Water Services Association of Australia (WSAA) made similar remarks about the
lack of detailed consultation with industry in the preparation of the bill. Particularly the approach taken to use the ‘inform’ mode of consultation rather than collaborate or empower.
2.19
The Department of Home Affairs explained that there had been a ‘sector‑wide consultation process’ and that
[e]ach of the sectors was probably represented but the ability to sort of meet with everybody individually—there is a fair bit of diversity there; I think there were more than 700 people attending a whole range of sessions.
2.20
At the public hearing on 9 February 2018, the Department of Home Affairs informed the Committee that it had committed to meet with representatives from the APGA and the WSAA, and ‘engage more deeply with them’.