Measured approach to infrastructure security regulation welcomed
30 September 2021
All comments to be attributed to Law Council of Australia President, Dr Jacoba Brasch QC
The Law Council supports the measured approach recommended by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to the development and implementation of an expanded regulatory framework for the security of privately owned and operated critical infrastructure assets.
Released yesterday, the PJCIS advisory report on the Security Legislation Amendment (Critical Infrastructure) Bill 2020 makes a number of key recommendations that reflect evidence presented by the Law Council and other submitters during the consultation period.
In particular, the Law Council supports the Committee’s recommendation that the Bill should be split into two so that the measures identified by the Committee as necessary to identify an urgent security cyber security threat can be implemented immediately and others progressed over a longer period of time.
The measures identified by the Committee as urgent include an extraordinary power authorising the Australian Signals Directorate to intervene in cyber security incidents affecting private critical infrastructure assets.
Importantly, the Committee supported amendments to those provisions to address issues of concern identified by the Law Council, including the scope of proposed statutory immunities, clarity of definitions and consultation requirements.
We also strongly support the conclusion of the PJCIS that the balance of the measures in the Bill, which propose to significantly expand both the scope and substance of the regulatory regime, are not ready to proceed at this time.
The Committee acknowledged the significant concerns raised by the Law Council and other submitters, including those who would be subject to the proposed regime. It recommended the Government withdraw these measures from the Bill to enable extensive revision and consultation with key stakeholders. It also supported comprehensive revision to address issues raised by the Law Council about lack of procedural fairness and review rights, clarity of definitions of key terms, and stronger statutory limitations on the ability of the Minister for Home Affairs to make determinations in secret about the regulatory status of particular assets.
Despite these improvements, a number of issues remain outstanding. This includes the need for an independent, rather than Ministerial, authorisation process for the extraordinary powers of Government intervention in cyber security incidents affecting private infrastructure.
The Law Council therefore supports the Committee’s recommendation for further Parliamentary reviews of the legislation, both as part of the Parliamentary scrutiny of the second Bill as well as a more comprehensive review of the entire legislative framework after three years of operation.
P. 0400 054 227