The Security of Critical Infrastructure Bill Part 2, the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) came into effect on 2 April 2022.
The first part of the revised Bill provided additional step in powers for the government in the event of a major cyber security event for all critical infrastructure owners. The latest bill applies to water utilities with greater than 100,000 property connections or that have been Declared by the Minister. It calls up requirements for affected businesses to maintain and update a risk management program, Board attestation on the risk management program, along with requirements for owners of Systems of National Significance.
WSAA provided a joint submission with the Water Services Sector Group (WSSG), the Water Directorates in NSW and Qld, and VicWater. The submission identified a number of gaps in the bill including the inability to share ‘protected information’ (which includes details of the risk management program) with stakeholders, contractors and local government owners, improved terminology, and ability to obtain compensation for commercial losses as a result of a Direction from the Minister or Secretary.
The sector also provided a subsequent submission to the Parliamentary Joint Committee on Critical Infrastructure and Security – Luke Sawtell, Chair of the WSSG and Greg Ryan from WSAA represented the sector at the engagement hearing. A primary concern of all respondents was the short timeframe for engagement and the very limited number of checks and balances in the legislation.