Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

SECURITY OF CRITICAL INFRASTRUCTURE ACT 2018 - SECT 30CW

Designated officers may undertake a vulnerability assessment

Scope

  (1)   This section applies if:

  (a)   an entity is the responsible entity for a system of national significance; and

  (b)   either:

  (i)   the Secretary has reasonable grounds to believe that if the entity were to be given a notice under subsection   30CU(1) or (2), the entity would not be capable of complying with the notice; or

  (ii)   the entity has not complied with a notice given to the entity under subsection   30CU(1) or (2).

Request

  (2)   The Secretary may give a designated officer a written request to:

  (a)   undertake a vulnerability assessment in relation to:

  (i)   the system; and

  (ii)   all types of cyber security incidents; and

  (b)   do so within the period specified in the request.

  (3)   The Secretary may give a designated officer a written request to:

  (a)   undertake a vulnerability assessment in relation to:

  (i)   the system; and

  (ii)   one or more specified types of cyber security incidents; and

  (b)   do so within the period specified in the request.

  (4)   Before giving a request under subsection   (2) or (3) in relation to the system of national significance, the Secretary must consult:

  (a)   the entity; and

  (b)   if there is a relevant Commonwealth regulator that has functions relating to the security of that system--the relevant Commonwealth regulator.

Requirement

  (5)   If a request under subsection   (2) or (3) is given to a designated officer, the Secretary may, by written notice given to the entity, require the entity to do any or all of the following things:

  (a)   provide the designated officer with access to premises for the purposes of undertaking the vulnerability assessment;

  (b)   provide the designated officer with access to computers for the purposes of undertaking the vulnerability assessment;

  (c)   provide the designated officer with reasonable assistance and facilities that are reasonably necessary to allow the designated officer to undertake the vulnerability assessment.

Notification of request

  (6)   If a request under subsection   (2) or (3) is given to a designated officer, the Secretary must give a copy of the request to the entity.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback