Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) A cyber security exercise is an exercise:
(a) that is undertaken by the responsible entity for a system of national significance; and
(b) that relates to the system; and
(c) that either:
(i) relates to all types of cyber security incidents; or
(ii) relates to one or more specified types of cyber security incidents; and
(d) if the exercise relates to all types of cyber security incidents--the purpose of which is to:
(i) test the entity's ability to respond appropriately to all types of cyber security incidents that could have a relevant impact on the system; and
(ii) test the entity's preparedness to respond appropriately to all types of cyber security incidents that could have a relevant impact on the system; and
(iii) test the entity's ability to mitigate the relevant impacts that all types of cyber security incidents could have on the system; and
(e) if the exercise relates to one or more specified types of cyber security incidents--the purpose of which is to:
(i) test the entity's ability to respond appropriately to those types of cyber security incidents that could have a relevant impact on the system; and
(ii) test the entity's preparedness to respond appropriately to those types of cyber security incidents that could have a relevant impact on the system; and
(iii) test the entity's ability to mitigate the relevant impacts that those types of cyber security incidents could have on the system; and
(f) that complies with such requirements (if any) as are specified in the rules.
(2) Requirements specified under paragraph (1)(f):
(a) may be of general application; or
(b) may relate to one or more specified systems of national significance; or
(c) may relate to one or more specified types of cyber security incidents.
Note: For specification by class, see subsection 13(3) of the Legislation Act 2003 .
(3) Subsection (2) of this section does not, by implication, limit subsection 33(3A) of the Acts Interpretation Act 1901 .