The Australian Government is amending the Security of Critical Infrastructure Act 2018 to address the increasing threat environment the nation is facing. The revised bill introduces an enhanced regulatory framework covering eleven sectors, including energy. Central to the revised bill, amongst other things, is the need for organisations to take an all-hazards risk management approach with a focus on cyber and information, physical, personnel, supply chain, and natural hazard risks.
To be successful, organisations will need to meaningfully engage with the reforms to give their Board and the regulator the assurance they require. Rules for individual sectors are being developed on a staged basis with the co-design for electricity and gas having recently been completed and Legal Rules to follow.
It is clear in the current threat environment that prevention and mitigation can only be effective through increased awareness and clarity of what the threats are, combined with strong leadership by the government and industry. While the details and sector-specific rules are still being defined, organisations can start to move forward on a number of activities. Early consideration will give you more time to prepare, identify the resources required and plot a path that enables your organisation to comply and drive enhanced operational excellence in the longer term.
KPMG is working with the Department of Home Affairs and industry to co-design the rules underpinning the reforms. They have documented a checklist of initial actions to help you prepare.
This sponsored editorial was brought to you by KPMG.