惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Hacker News
The Hacker News
Martin Fowler
Martin Fowler
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
U
Unit 42
F
Full Disclosure
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recorded Future
Recorded Future
Security Archives - TechRepublic
Security Archives - TechRepublic
阮一峰的网络日志
阮一峰的网络日志
T
Threatpost
P
Privacy International News Feed
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
I
Intezer
Recent Announcements
Recent Announcements
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Privacy & Cybersecurity Law Blog
A
Arctic Wolf
博客园 - 聂微东
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
H
Help Net Security
S
Schneier on Security
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
T
Tor Project blog
月光博客
月光博客
NISL@THU
NISL@THU
A
About on SuperTechFans
Spread Privacy
Spread Privacy
Blog — PlanetScale
Blog — PlanetScale
D
DataBreaches.Net
雷峰网
雷峰网
C
CXSECURITY Database RSS Feed - CXSecurity.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
G
Google Developers Blog
W
WeLiveSecurity
P
Palo Alto Networks Blog
The Last Watchdog
The Last Watchdog
K
Kaspersky official blog
博客园 - 司徒正美
L
LINUX DO - 热门话题
小众软件
小众软件

Government

Qld government announces new digital project governance bodies Child protection advocates call for faster action on digital duty of care laws Cyber resilience a key plank of new Nakamal Agreement between Vanuatu and Australia ACMA targets SMS scams, emergency services, and telco protections in 2026–27 compliance agenda Exclusive: Pauline Hanson’s One Nation party quietly deletes Labor hacking claims Privacy Commissioner rules Medmate and Monash IVF breached privacy law through tracking pixels Australia’s Department of Parliamentary Services has only “partly effective” cyber security stature, audit finds Australian government, Microsoft sign agreement strengthening cyber security Tony Burke announces ‘new program of work’ under Horizon 2 of the Australian Cyber Security Strategy AFCA to become Australia’s central scams complaints body under new prevention framework Pentagon’s new Department of Defense Cyber Defense Command could be a good model for Australia Be counted: Australia’s next census faces cyber security shortcomings Aussie government proposes automatic reimbursement for scam losses below $3,000 Op-Ed: Australia’s cyber law is stuck in the past – the Slay Review is our chance to fix it ACCC welcomes another year of funding for the National Anti-Scam Centre Budget 2026: Expectations around AI, SMB resilience, and national defence Australia strengthens cyber defence in multinational operation New Zealand announces new sanctions against Russian cyber actors, online support platforms Op-Ed: Australia’s next budget must treat cyber resilience as essential infrastructure Australian government establishes new Cyber Incident Review Board US Department of War launches cyber-focused apprenticeship program Australian government stands up new ‘tripartite forum’ to tackle AI challenges in the workforce Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations ADF strengthens skills as Cyber Command marks 2 years of operation Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them Latitude Financial faces $3.96m fine over spam law breaches Kid stuff: Roblox to introduce safety improvements following Aus government warnings Report: Aussie youth increasingly turning to AI for mental health advice First draft of Children’s Online Privacy Code made public Kids’ stuff: OAIC releases exposure draft of Children’s Online Privacy Code Aussie telco consumer code to be replaced in favour of ‘stronger protections’ Cyber, defence cooperation key plank of new EU–Australia partnership Q&A: ‘Just be mindful that people are interested in you,’ says Sarah Sloan Trump releases US National Cyber Strategy CISO for Department of Health and Aged Care retires FIIG Fined: Federal Court orders $2.5M penalty for cyber security failures US CISA in a bad way as a new acting head is appointed Who is on the frontline when it comes to AI policymaking in Australia? Australian government unveils 5-year deal with Microsoft to lock in pricing and support AI adoption Australia, Samoa sign memorandum of understanding on cyber cooperation
Government proposes 5 changes to SOCI Act in overhaul of ministerial directions powers
david.hollingworth@momentummedia.com.au (David Hollingworth) · 2026-03-26 · via Government

A newly released consultation paper suggests “targeted reforms” such as disclosure delays and restrictions on “high-risk vendors”.

The Australian federal government’s Department of Home Affairs has released a consultation paper introducing a platform of five reforms to the Security of Critical Infrastructure Act 2018, or SOCI Act.

The paper outlines proposed reforms to the ministerial directions powers under the act, a key legislative framework designed to protect critical infrastructure from national security threats such as cyber attacks, espionage, and sabotage.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The reforms are part of a broader 2026 review aimed at improving the act’s flexibility, clarity, and responsiveness to an increasingly complex and rapidly evolving threat environment.

The SOCI Act allows the Minister for Home Affairs to issue directions to critical infrastructure entities in serious situations, typically as a “last resort” when other regulatory mechanisms are insufficient.

The review found, however, that while the framework is effective overall, the current directions can be complex, unclear in scope, and not sufficiently adaptable to modern and emerging risks.

The consultation paper proposes a package of five targeted reforms to enhance how these powers operate. The reforms seek to strike a balance between enabling swift government intervention during crises and maintaining industry confidence and accountability.

A key proposal is to clarify the threshold for issuing a direction, including when a situation qualifies as a serious national security risk. This aims to give infrastructure operators greater certainty about when government intervention may occur. Closely related is a proposal to better define the scope of directions, ensuring they are tailored to specific risks and do not extend unnecessarily into broader business operations.

Another major reform area focuses on procedural safeguards and transparency. The paper proposes clearer requirements for consultation with affected entities where feasible, as well as stronger documentation and oversight of decisions. This is intended to ensure that directions are used only when genuinely necessary and that their use can be scrutinised.

The reforms also aim to improve operational flexibility, allowing directions to be used more effectively across a wider range of scenarios, including complex, multi-sector incidents. As critical infrastructure systems become more interconnected, risks are less likely to be isolated to a single asset or sector, necessitating more agile intervention tools.

Importantly, the paper acknowledges industry concerns about the potential burden and impact of directions. It emphasises that powers should remain a measure of last resort, used only when no other regulatory or cooperative options are sufficient.

The consultation seeks feedback on how to minimise compliance costs, avoid duplication with existing regulations, and ensure that entities are not subject to conflicting obligations.

Disclosure delays and vendor restrictions

Digging a little deeper, one of the key aspects of the proposed reforms is delaying continuous disclosure requirements under the act.

“Currently, there is no mechanism used by the Australian Securities and Investments Commission (ASIC) or available to the government to temporarily delay disclosure solely to prevent broader harm. The government is considering a limited, time-bound power to delay an entity’s disclosure obligations under the Corporations Act 2001,” the consultation paper said.

“The intent is not to shield entities from commercial impacts, but to prevent disclosure from compromising national security, including significant flow-on impacts across the economy. Similar powers exist internationally, including in the United States.”

The government is also proposing restrictions on products, vendors, and services that it considers to pose a “high risk” to Australian entities and operators.

“The government is considering a vendor-risk direction power to enable coordinated action where a specific vendor or its products, equipment, services or technologies presents a material risk to national security,” the paper said.

“This power would ensure systemic supply chain vulnerabilities can be managed consistently across affected critical infrastructure entities and sectors.”

Arguably, the most controversial element of the paper, however, is the provisions for increased civil penalties where entities are found to be non-compliant with a ministerial direction.

“The government is seeking views on increasing the maximum civil penalty for non-compliance with a ministerial direction under Part 3 to 2,000 penalty units, aligning it with the enforcement framework already operating in Part 2D of the SOCI Act for carriers and carriage service providers,” the government said.

“Restoring an effective and balanced deterrence regime across asset classes ensures that all entities are sufficiently motivated to comply. Importantly, the courts’ discretion to calibrate penalties to the misconduct’s magnitude and circumstances is preserved. This change would be accompanied by guidance to industry on expectations for compliance with directions and would apply prospectively.”

You can read the full consultation paper here.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

Tags: