The legal obligations you have if you own, operate, or have direct interests in critical infrastructure assets are outlined in the Security of Critical Infrastructure Act 2018 (SOCI Act). The SOCI Act also outlines how the government can support you if an incident occurs that impacts your critical infrastructure asset.
In the defence sector, responsible entities must comply with the obligation to notify data service providers. They must notify their third-party data storage or processing provider that the provider is storing or processing business critical data for a critical infrastructure asset.
Responsible entities for critical defence industry assets are not required to follow other positive security obligations contained in the SOCI Act.
The security and resilience of critical defence industry assets are currently managed through existing frameworks and obligations under the Defence Industry Security Program (DISP). The DISP is a non-regulatory risk management program run by the Department of Defence that strengthens security practices in partnership with industry. Existing defence security mechanisms under the DISP are considered sufficient for the majority of defence industry.
If you own or operate a System of National Significance, you may be subject to Enhanced Cyber Security Obligations (ECSO).
The SOCI Act also includes Government Assistance measures. These measures outline how the government can help industry respond to cyber security incidents. These measures only apply to incidents that will cause serious harm to Australia’s prosperity, national security, or defence.
Defence industry critical infrastructure assets
Your asset may be a critical defence industry asset if it both:
- supports or enables a critical defence capability
- is or will be supplied to the Department of Defence, or the Australian Defence Force, under a contract.
Critical defence capability can be understood to mean things that are required in connection with the defence or national security of Australia. This could mean:
- materials
- technologies
- networks
- systems
- services.