Summary

Implements the second tranche of changes to Australia's critical infrastructure framework by amending the:

to: provide that specified critical infrastructure assets must adopt and maintain a critical infrastructure risk management program; provide for annual reporting obligations for assets that are exempt from the risk management program obligation; make minor amendments in relation to consultation requirements and immunities; provide for additional cyber security obligations that may be applied in relation to systems of national significance; provide that directions facilitating government assistance to industry in the event of a serious cyber security incident prevail over the requirements of a risk management program; amend provisions that authorise the use and disclosure of protected information; provide that the minister's power to privately declare an asset as a critical infrastructure asset includes a power to require compliance with a risk management program; enable the minister to declare a critical infrastructure asset to be a system of national of significance; and include additional reporting requirements; and to make consequential amendments. Also makes a technical amendment to the .