Home topics news Image Credit: Liam Tucker on Unsplash General News General How Australian SMEs can prepare for stricter critical infrastructure regulations James Boddam-Whetham June 3, 2021 The Government has changed the rules: critical infrastructure assets are no longer the exclusive preserve of large corporations, and SMEs need to ensure they are compliant. Over time, we have learned that our most vital assets are dangerously exposed to cyber-attacks and other disruptive events perpetrated by bad actors seeking to harm the national interest or simply extract steep ransoms. The Commonwealth Government has addressed this by pursuing reforms intended to shore up the security of the critical infrastructure sector. The Security of Critical Infrastructure Act (the Act), passed three years ago, ramped up regulatory scrutiny on the ownership and operation of assets classified as critical infrastructure. However, critical infrastructure assets were limited to certain ports, electricity, gas, and water assets. What qualified then as critical in the eyes of policymakers? A bigger footprint meant more importance. Critical electricity assets, for instance, comprised networks, systems, or interconnectors for the transmission or distribution of electricity to ultimately service at least 100,000 customers. But that was before the COVID-19 crisis. If anything, the pandemic demonstrated the criticality of any number of sectors to the nation’s health and wellbeing. The surge in cyber-attacks accompanying the pandemic, often targeting these key sectors, illustrated their extreme vulnerability. Something had to change. Policymakers took up the challenge, proposing amendments to the Act. Currently before Parliament, the Security Legislation Amendment