Foreign involvement in Australia’s critical infrastructure, including through investment, third party contractual arrangements and supply chains, is essential to ensure Australia harnesses global skills and capabilities.
These arrangements however, can provide a malicious actor with privileged levels of access to, and control of, critical infrastructure assets. In turn these arrangements can be used to facilitate espionage, sabotage or exert coercive influence contrary to our national interest and in a way that can be very difficult to detect or attribute.
While the more extreme manifestations of sabotage are unlikely to occur in the current geopolitical context, privileged levels of access and control can facilitate pre-positioning for strategic advantage.
The Security of Critical Infrastructure Act 2018 is designed to manage national security risks from foreign involvement in Australia’s critical infrastructure. In addition, the Security of Critical Infrastructure Rules 2018 prescribe critical infrastructure assets and provide further information requirements for reporting.
The Act aligns with the government-business partnership approach that underpins Australia’s Critical Infrastructure Resilience Strategy.
This strategy recognises that in most cases neither business nor government in isolation have access to all the information they need to understand and appropriately mitigate risks to ensure the continuity and integrity of services.
The Act ensures that Government has all the necessary information to conduct national security risk assessments as well as the ability to enforce risk mitigations if they cannot be addressed through other means.
To ensure this is the case, the Act introduced three measures:
- an asset register, providing Government with visibility of who owns and controls the assets and enabling better targeting of our risk assessments
- the ability to obtain more detailed information from owners and operators of assets in certain circumstances to support the work of the Centre
- the ability to intervene and issue directions in cases where there are significant national security concerns that cannot be addressed through other means
The measures contained in the Act apply to both domestic and foreign owned critical infrastructure and take account of Australia’s trade agreements and other international obligations.
The powers in the Act enable Government to better assess the vulnerabilities across our high priority assets and work collaboratively with industry to address the vulnerabilities identified, while maintaining open economic settings and imposing only a minimal and targeted regulatory burden.
For further information please see the The Critical Infrastructure Centre and Foreign Investment Fact Sheet.