The CISC monitors industry compliance with the Register of Critical Infrastructure Assets.
As required under the existing legislation, owners and operators must continue to provide accurate and up to date information to the Register and must continue to report and comply as normal.
As elements of the Bill are introduced, there will be changes to reporting and compliance for existing registered critical infrastructure assets. There will be new reporting requirements under the Positive Security Obligation and Enhanced Cyber Security Obligations for those Critical Infrastructure assets identified as Systems of National Significance. We will advise owners and operators of their new obligations as elements of the Bill are enacted.
Failure to provide information or meet other obligations or directions can attract a civil penalty. However, the Bill provides protections from penalties for owners and operators who can demonstrate they have taken all reasonable steps to comply.