Thursday, 7 December 2017
Security of Critical Infrastructure Bill 2017, Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2017; Second Reading
I table the explanatory memorandum relating to the bills and I move:
That these bills be now read a second time.
I seek leave to have the second reading speeches incorporated in Hansard.
The speeches read as follows—
Security o f Critical Infrastructure Bill 2017
Critical infrastructure is integral to the prosperity of the nation.
Secure and resilient infrastructure underpins the effective functioning of Australian society - ensuring we have continuous access to essential services for everyday life, such as food, water, energy and communications.
Foreign involvement in Australia's critical infrastructure plays an important and beneficial role in supporting economic growth. It can also improve productivity by enabling the development of much-needed infrastructure, introducing new technology, allowing access to global supply chains and markets, and enhancing Australia's skills base.
However, while recognising its many benefits, increasing foreign involvement in our national critical infrastructure means that Australia's critical infrastructure is more exposed than ever to sabotage, espionage and coercion.
Foreign involvement can increase a malicious actor's ability to access and control Australia's critical infrastructure. Such access could enable them to target activity in a way that can affect the continuity of services to citizens, as well as having extreme consequences for other dependant infrastructure or defence assets.
In January this year, the government took steps to address these risks by establishing the multi-agency Critical Infrastructure Centre. The centre, housed in the Attorney-General's Department, is a central point for government and industry to better understand and mitigate national security risks to Australia's critical infrastructure.
The centre was established to develop a deeper understanding of the national security risks across our high-risk critical infrastructure sectors, and to develop and implement mitigation strategies. The centre works collaboratively with industry and states and territories to ensure national security risks are being managed in a way that does not inhibit the ability of business to operate in a global economy, and to ensure that Australia remains an attractive place to invest and do business.
To enhance the centre's ability to manage these risks, today the Security of Critical Infrastructure Bill 2017 is introduced. This Bill will support the operation of the Critical Infrastructure Centre and supplement existing federal, state and territory regulations. It will ensure the government has the necessary powers to protect Australia from the national security threats of sabotage, espionage and coercion stemming from malicious foreign involvement in our critical infrastructure.
The bill will apply to a specified set of critical infrastructure assets in the high risk electricity, water, gas and ports sectors approximately 140 assets in total. These reforms build upon and complement measures the government has already taken to manage these same risks in the telecommunications sector, by passing through the Parliament the Telecommunications Sector Security Reforms in September this year. The Attorney-General's Department is working closely with the telecommunications sector during the 12 month implementation period of this legislation.
Overview of key measures
The bill introduces two new measures. Register of critical infrastructure assets
The bill will establish a register of critical infrastructure assets, which will enhance the capability of the centre to understand who owns, controls, and has access to Australia's critical infrastructure. This register will support more proactive management of the risks faced by assets in our high-risk sectors.
The bill will require owners and operators of specified critical infrastructure assets to provide specific, high-level information concerning the ownership and operation of the asset. This will include information on ultimate beneficial owners. This
information is essential to informing a deeper understanding of who has access to, control of, or the ability to influence, the critical infrastructure on which we all rely.
The reporting requirements have been designed to impose a minimal compliance burden on industry.
Given the sensitivity of the information required to be provided and stored in aggregate, the register of critical infrastructure assets will be held on the government's secret network. This will ensure that all information provided for the register, including commercially sensitive information, is kept secure.
Ministerial directions power
The bill also contains a ministerial directions power. This will enable a direction to be issued to an owner or operator of a critical infrastructure asset to mitigate national security risks which cannot be managed through cooperation or existing regulatory mechanisms. It is modelled on a similar power in the telecommunications sector security reforms.
The 'last resort' directions power could be used to direct asset owners and operators to undertake or refrain from certain actions. Importantly, this power is limited to instances where:
- there is a risk identified which is prejudicial to security
- through collaboration, the owner or operator does not or
cannot implement mitigations to address the risk, and
- there are no existing regulatory frameworks that can be used to enforce mitigations.
In this way, it operates as a necessary safeguard to address national security risks where they cannot otherwise be managed.
The bill includes a range of important safeguards. Before a direction is able to be issued, the minister will be required to be satisfied of certain matters, to consult with stakeholders, and to give consideration to a number of factors, including:
- giving primary consideration to a mandatory ASIO adverse security assessment
- being satisfied that the government has negotiated in `good faith'
- consulting directly with, and considering any representations made by, the relevant first minister and state or territory minister and the entity to which the direction applies
- considering the costs to the entity and consequences to services in implementing the mitigation, and
ensuring the direction is a proportionate response to the risk.
The minister's directions power is also subject to judicial review while the ASIO adverse security assessment will be subject to merits review.
Recognising the significance of these reforms, the government has consulted widely over the course of 2017 to ensure the proposed measures are appropriately designed and targeted. The government released an initial discussion paper following the establishment of the centre in February. Consultations were then held with states and territories in the middle of 2017, and an exposure draft of the bill was subsequently released for public consultation.
The bill introduced today reflects the consultation with state and territory governments and industry stakeholders. The government has made some important changes to the bill in response to the exposure draft consultations. This includes refining key definitions, strengthening consultation requirements, and applying the legislation to specific critical assets in the gas sector.
Gas plays the most versatile role in the energy network, and the security and reliability of the electricity sector is reliant on gas supply. Gas, in particular, is relied upon to respond quickly to stabilise unstable networks and respond to periods of high
demand. The application of this legislation will ensure government continues to work closely with industry, states and territories to ensure the ongoing security of our gas systems and networks.
Establishment of a broader security framework
The government's Critical Infrastructure Resilience Strategy recognises that no one party alone can effectively manage risks to critical infrastructure. Ensuring the resilience of Australia's critical infrastructure is a responsibility shared by states and territories, the Commonwealth government and owners and operators of critical infrastructure. The government acknowledges the significant role played by industry and states and territories in working closely together over a number of years to ensure the ongoing resilience of our critical infrastructure.
This bill aligns with the government's clear intention to continue to cooperate and collaborate with all levels of government, regulators, owners and operators of critical infrastructure. It strikes an appropriate regulatory balance by acknowledging the shared responsibility for managing national security risks, while empowering the Commonwealth to
intervene to mitigate a risk where existing regimes cannot be used.
While maintaining competitiveness in a rapidly changing global market is essential, with this bill, the government is taking the steps necessary to strengthen the security and resilience of Australia's critical infrastructure.
Security o f Critical Infrastructure (Consequential And Transitional Provisions) Bill 2017
The Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2017 will deal with consequential and transitional matters in connection with the enactment of the Security of Critical Infrastructure Act 2017. Additionally, it will amend the Foreign Acquisitions and Takeovers Act 1975.
Ordered that further consideration of the second reading of these bills be adjourned to 5 February 2018, in accordance with standing order 111.