•   This Part sets out enhanced cyber security obligations that relate to systems of national significance.

•   The responsible entity for a system of national significance may be subject to statutory incident response planning obligations.

•   The responsible entity for a system of national significance may be required to undertake a cyber security exercise.

•   The responsible entity for a system of national significance may be required to undertake a vulnerability assessment.

•   If a computer is a system of national significance, or is needed to operate a system of national significance, a relevant entity for the system may be required to:

  (a)   give ASD periodic reports of system information; or

  (b)   give ASD event - based reports of system information; or

  (c)   install software that transmits system information to ASD.