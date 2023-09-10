Home Affairs minister Clare O’Neil has nearly doubled the number of businesses roped-into the “Systems of National Significance” schedule, lifting the number of organisations from 87 to 168 that are now subject to powerful cyber security regulations to better safeguard against attacks.

The fresh round of designations follows the expiry of a six-month grace period in mid-August that was given to critical infrastructure owners to allow them to get their act together to comply with the strict new cyber requirements before the cudgels come out.

Under the new obligations, designated organisations have to create response plans for cyber incidents, prep themselves through cyber security exercises, obtain assessments to identify and fix vulnerabilities and hand over system information to the Australian Signals Directorate (ASD) “to develop and maintain a near-real-time threat picture.”

The powers also, as a last resort, allow ASD to step in and take over emergency control of private systems when private owners have been compromised or controlled and cannot regain control.

“These declarations follow the government switching on the Critical Infrastructure Risk Management Program obligation in February 2023,” Home Affairs said in a statement.

“The Risk Management Program requires owners and operators of critical infrastructure assets to consider all hazards they may face as a business and take tangible steps to manage risks impacting their operations.”

Businesses hit with the obligations come from the energy, communications, transport, financial services and markets, and data storage or processing sectors.

It is understood a number of designated firms, including telcos, were put through their cyber-readiness paces on Friday.

Australian businesses are bracing for renewed cyber attacks on them as the geopolitical temperature increases in relations between both Russia and China, with Australia currently sending military aid to Ukraine to assist with its fight against the Russian invasion.

There are also currently bilateral military exercises with both Japan and the Philippines that follow a major series of wargames in Australia’s north last month.

The issue all organisations face is that the line between nation-state and for-profit hackers is blurring. Banks, including the Commonwealth Bank, have started reintroducing delays to transactions because of the increased sophistication of scams that can now instantaneously leach funds in real time unless they hit a guardrail first.

Labor has also moved to start reining in riskier technologies like screen scraping and there is broad industry wariness around the prudence of allowing real-time authorised push payment requests to be rolled out locally in the same way as they have in Britain.

“I want to thank the owners and operators of Systems of National Significance for helping make Australia the most cyber-secure country in the world,” O’Neil said.

“We are relentlessly focused on safeguarding our country against significant cyber attacks, but it’s not something we can do alone.”

“The protection of our critical infrastructure is a shared responsibility, and these declarations will help to build vital partnerships with the owners and operators of our most important assets,” O’Neil said.

