LIN 23/007
Security of Critical Infrastructure (Naval shipbuilding precinct) Rules (LIN 23/007) 2023
made under section 61 of the Security of Critical Infrastructure Act 2018 (the Act).
Compilation No. 1
Compilation date: 15 February 2024
Includes amendments: Security of Critical Infrastructure (Naval shipbuilding precinct) Amendment (LIN 24/006) Rules 2024
About this compilation
This compilation
This is a compilation of the Security of Critical Infrastructure (Naval shipbuilding precinct) Rules (LIN 23/007) 2023 that shows the text of the law as amended and in force on 15 February 2024 (the compilation date).
The notes at the end of this compilation (the endnotes) include information about amending laws and the amendment history of provisions of the compiled law.
Uncommenced amendments
The effect of uncommenced amendments is not shown in the text of the compiled law. Any uncommenced amendments affecting the law are accessible on the Register (www.legislation.gov.au). The details of amendments made up to, but not commenced at, the compilation date are underlined in the endnotes. For more information on any uncommenced amendments, see the Register for the compiled law.
Application, saving and transitional provisions for provisions and amendments
If the operation of a provision or amendment of the compiled law is affected by an application, saving or transitional provision that is not included in this compilation, details are included in the endnotes.
Modifications
If the compiled law is modified by another law, the compiled law operates as modified but the modification does not amend the text of the law. Accordingly, this compilation does not show the text of the compiled law as modified. For more information on any modifications, see the Register for the compiled law.
Self‑repealing provisions
If a provision of the compiled law has been repealed in accordance with a provision of the law, details are included in the endnotes.
Part 1 Preliminary
This instrument is the Security of Critical Infrastructure (Naval shipbuilding precinct) Rules (LIN 23/007) 2023.
Note Some terms used in this instrument are defined in the Act, including:
(a) asset;
(b) AusCheck scheme;
(c) critical infrastructure asset;
(d) entity;
(e) relevant impact;
(f) responsible entity;
(g) security.
In this instrument:
AusCheck Act means the AusCheck Act 2007.
AusCheck Regulations means the AusCheck Regulations 2017.
background check means a background check under the AusCheck scheme.
CIRMP is short for critical infrastructure risk management program.
CIRMP criminal record has the same meaning as defined in the AusCheck Regulations.
criminal history criteria means the assessment of:
(a) whether the person has a CIRMP criminal record; and
(b) the nature of the offence.
Department of Defence means the Department administered by the Minister administering the Defence Act 1903.
personnel hazard includes where a person acts, through malice or negligence:
(a) to compromise the proper function of the asset; or
(b) to cause significant damage to the asset.
4 Critical infrastructure asset
(1) For paragraph 9(1)(f) of the Act, an asset is a critical infrastructure asset if it is:
(a) within an area identified for the purposes of this section on the map in Schedule 1; and
(b) used for the primary purposes of naval shipbuilding or sustainment.
Note The map in Schedule 1 depicts the Osborne Naval Shipyard precinct on Lefevre Peninsula, South Australia.
(2) For subsection 12L(23) of the Act, the responsible entity for a critical infrastructure asset mentioned in subsection (1) is:
(a) the entity that has been granted exclusive control and use of the asset or the area where the asset is located, under a licence or other contractual arrangement, for such time as the licence or other contractual arrangement remains in force; or
(b) in all other circumstances, Australian Naval Infrastructure Pty Ltd (ABN 45 051 762 639).
5 Application of Part 2A of the Act
(1) For paragraph 30AB(1)(a) of the Act, Part 2A of the Act applies to a critical infrastructure asset mentioned in subsection 4(1).
(2) For subsection 30AB(3) of the Act, Part 2A of the Act applies to a critical infrastructure asset mentioned in subsection 4(1), 12 months after the asset becomes a critical infrastructure asset.
(3) The requirements specified in this instrument for paragraph 30AH(1)(c) of the Act apply to a critical infrastructure asset that:
(a) is mentioned in subsection 4(1); and
(b) is not specified in another instrument for paragraph 30AB(1)(a) of the Act.
6 Relevant Commonwealth Regulator
For paragraph (a) of the definition of relevant Commonwealth regulator in section 5 of the Act, the Department of Defence is specified for a critical infrastructure asset mentioned in subsection 4(1).
Part 2 Requirements for a critical infrastructure risk management program
7 Material risks
For subsection 30AH(8) of the Act, the material risks include the following:
(a) a stoppage or major slowdown of the critical infrastructure asset’s function for an unmanageable period;
(b) a substantive loss of access to, or deliberate or accidental manipulation of, a critical component of the critical infrastructure asset;
Example The position, navigation and timing systems affecting provision of service or functioning of the asset.
(c) an interference with the critical infrastructure asset’s operation technology or information communication technology essential to the functioning of the asset;
Example A Supervisory Control and Data Acquisition (SCADA) system.
(d) the storage, transmission or processing of sensitive operational information outside Australia, which includes:
(i) layout diagrams;
(ii) schematics;
(iii) geospatial information;
(iv) configuration information;
(v) operational constraints or tolerances information;
(vi) data that a reasonable person would consider to be confidential or sensitive about the asset;
(e) remote access to operational control or operational monitoring systems of the critical infrastructure asset.
8 Personnel hazards
(1) For paragraph 30AH(1)(c) of the Act, for personnel hazards, a responsible entity must establish and maintain a process or system in a CIRMP:
(a) to permit a person unescorted access to a critical infrastructure asset mentioned in subsection 4(1) only where:
(i) a background check of the person has been conducted in accordance with section 9; and
(ii) a person has been found suitable to have unescorted access to the critical infrastructure asset in accordance with section 10; and
(iii) an identity card has been issued to a person who meets the requirements in subparagraphs (i) and (ii); and
(b) to collect the identity and contact information for each person who has access to the critical infrastructure asset; and
(c) to record the date, time and duration of access to the critical infrastructure asset by each person; and
(d) as far as it is reasonably practicable to do so—to minimise or eliminate material risks:
(i) arising from a malicious or negligent person; and
(ii) arising from the off-boarding process for outgoing employees and contractors.
(2) For subsection 30AH(12) of the Act, the establishment and maintenance of processes or systems mentioned in subsection (1) is taken to be action that mitigates the relevant impact of personnel hazards on the critical infrastructure asset.
9 Background checks
(1) A background check is required:
(a) before a person is granted unescorted access to the critical infrastructure asset; and
(b) if the person requires ongoing access to the critical infrastructure asset—every 2 years.
(2) For paragraph 30AH(4)(a) of the Act, a background check of a person must be conducted under the AusCheck scheme.
(3) A background check must include an assessment of information relating to the matters mentioned in paragraphs 5(a), (b), (c) and (d) of the AusCheck Act; and
(a) for paragraph 30H(4)(c) of the Act—the criteria against which the information must be assessed are the criminal history criteria; and
(b) for paragraph 30AH(4)(d) of the Act—the assessment must consist of both an electronic identity verification check and an in person identity verification check.
(4) A responsible entity must notify the Secretary if a background check is no longer required for a person.
10 Suitability assessment
(1) Following a background check under section 9, a responsible entity must assess the suitability of a person to have unescorted access to the critical infrastructure asset.
(2) In making a suitability assessment for subsection (1), a responsible entity must consider:
(a) any advice from the Secretary under the following provisions of the AusCheck Regulations:
(i) paragraph 21DA(2)(a);
(ii) paragraph 21DA(2)(b);
(iii) subsection 21DA(4);
(iv) subsection 21DA(5); and
(b) whether permitting the person unescorted access to a critical infrastructure asset mentioned in subsection 4(1) would be prejudicial to security; and
(c) any other information that may affect the person’s suitability to have unescorted access to the asset.
Note A responsible entity may be required to inform the Secretary of a decision to grant or revoke access to a critical infrastructure asset, in certain circumstances—see AusCheck Regulations, section 21ZA.
Schedule 1 Naval shipbuilding precinct
1 Osborne Naval Shipyard
An area within the Osborne Naval Shipyard boundary lines on the following map constitutes an area identified for the purposes of section 4.
Endnotes
Endnote 1—About the endnotes
The endnotes provide information about this compilation and the compiled law.
The following endnotes are included in every compilation:
Endnote 1—About the endnotes
Endnote 2—Abbreviation key
Endnote 3—Legislation history
Endnote 4—Amendment history
Abbreviation key—Endnote 2
The abbreviation key sets out abbreviations that may be used in the endnotes.
Legislation history and amendment history—Endnotes 3 and 4
Amending laws are annotated in the legislation history and amendment history.
The legislation history in endnote 3 provides information about each law that has amended (or will amend) the compiled law. The information includes commencement details for amending laws and details of any application, saving or transitional provisions that are not included in this compilation.
The amendment history in endnote 4 provides information about amendments at the provision (generally section or equivalent) level. It also includes information about any provision of the compiled law that has been repealed in accordance with a provision of the law.
Misdescribed amendments
A misdescribed amendment is an amendment that does not accurately describe how an amendment is to be made. If, despite the misdescription, the amendment can be given effect as intended, then the misdescribed amendment can be incorporated through an editorial change made under section 15V of the Legislation Act 2003.
If a misdescribed amendment cannot be given effect as intended, the amendment is not incorporated and “(md not incorp)” is added to the amendment history.
Endnote 2—Abbreviation key
ad = added or inserted | orig = original |
am = amended | par = paragraph(s)/subparagraph(s) |
amdt = amendment | /sub‑subparagraph(s) |
c = clause(s) | pres = present |
C[x] = Compilation No. x | prev = previous |
Ch = Chapter(s) | (prev…) = previously |
def = definition(s) | Pt = Part(s) |
Dict = Dictionary | r = regulation(s)/rule(s) |
disallowed = disallowed by Parliament | reloc = relocated |
Div = Division(s) | renum = renumbered |
exp = expires/expired or ceases/ceased to have | rep = repealed |
effect | rs = repealed and substituted |
F = Federal Register of Legislation | s = section(s)/subsection(s) |
gaz = gazette | Sch = Schedule(s) |
LA = Legislation Act 2003 | Sdiv = Subdivision(s) |
LIA = Legislative Instruments Act 2003 | SLI = Select Legislative Instrument |
(md not incorp) = misdescribed amendment | SR = Statutory Rules |
cannot be given effect | Sub‑Ch = Sub‑Chapter(s) |
mod = modified/modification | SubPt = Subpart(s) |
No. = Number(s) | underlining = whole or part not |
o = order(s) | commenced or to be commenced |
Ord = Ordinance |
|
Endnote 3—Legislation history
Name | Registration | Commencement | Application, saving and transitional provisions |
Security of Critical Infrastructure (Naval shipbuilding precinct) Rules (LIN 23/007) 2023 | 16 February 2023 | 17 February 2023 |
|
Security of Critical Infrastructure (Naval shipbuilding precinct) Amendment (LIN 24/006) Rules 2024. | 14 February 2024 | 15 February 2024 |
|
Endnote 4—Amendment history
Provision affected | How affected |
section 2 section 4 | rep. LA s48D rs. F2024L00170 |
Schedule 1 | rs. F2024L00170 |