ABSIA made a submission to the Protecting Critical Infrastructure and Systems of National Significance consultation on 16 September 2020. This submission included input from members, ABSIA's government relations sub-committee and Board members.
In summary, this submission made the following points:
- Payroll, superannuation and eInvoicing networks should be classified as regulated critical infrastructure;
- The current definition of critical infrastructure is too broad and needs to be more focused;
- Existing security standards such as the ATO's DSP Operational Framework and the Security Standard for Add-on Marketplaces (SSAM) currently satisfy the PSO, meaning there is no need for additional regulatory frameworks for these entities;
- The preferred regulator for payroll / Single Touch Payroll (STP) may not be the owner and operator, which in this instance is the ATO. We suggest an association like ABSIA instead;
- We see the main benefits as threat intelligence sharing, access to expertise and assistance if our members are subject to an attack. However, for all participants, more information is needed about the expected benefits for them;
- To support what is currently outlined in the legislation, detailed scenarios are needed for when the government can get involved in immediate and serious threats; and
- Overall, we support the government's increased involvement in the security of critical infrastructure and the support they can provide to industry participants and stakeholders.
A full copy of this submission can be accessed here.