Foreign involvement in Australia’s critical infrastructure, including through investment, third party contractual arrangements and supply chains, is essential to ensure Australia harnesses global skills and capabilities.
These arrangements, however, can provide a malicious actor with unique levels of access to and control of critical infrastructure assets, which in turn can be used to facilitate espionage, sabotage or exert coercive influence contrary to our national interests and in a way that can be very difficult to detect or attribute.
While the more extreme manifestations of sabotage are unlikely to occur in the current geopolitical context, the level of access and control can facilitate pre-positioning for strategic advantage.
The Security of Critical Infrastructure Act 2018 is designed to manage these national security risks from foreign involvement in Australia’s critical infrastructure in the electricity, gas, water and ports sectors.
The Act aligns with the government-business partnership-approach that underpins Australia’s Critical Infrastructure Resilience Strategy.
This strategy recognises that in most cases neither business nor government in isolation have access to all the information they need to understand and appropriately mitigate risks to the continuity and integrity of services.
This Act ensures that Government has all the necessary information to conduct national security risk assessments as well as the ability to enforce risk mitigations if they cannot be addressed through other means.
To ensure this is the case, the Act introduces three new measures:
- an asset register, which will give the Government visibility of who owns and controls the assets, enabling better targeting of our risk assessments
- the ability to obtain more detailed information from owners and operators of assets in certain circumstances to support the work of the Centre
- the ability to intervene and issue directions in cases where there are significant national security concerns that cannot be addressed through other means.
The measures contained in the Act will apply to both domestic and foreign owned critical infrastructure and take account of Australia’s trade agreements and other international obligations.
The powers in this Act will enable government to better assess the extent of vulnerability across our high priority assets, and work collaboratively with industry to address the kinds of vulnerabilities identified, while maintaining open economic settings and imposing only a minimal and targeted regulatory burden.
For further information please download our fact sheets.