Security and critical infrastructure

Government position

  • The primary security requirements for the maritime sector are contained in the Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA) and the Maritime Transport and Offshore Facilities Security Regulations 2003. The maritime sector entities covered include security regulated ships, port operators, port facility operators, offshore facilities, and offshore service providers. It requires that these entities assess their security risks; have an approved maritime security plan; and report on incidents. The MTOFSA also details levels of maritime security, and maritime security zone and maritime security guard requirements.
  • A subset of ports in Australia have additional security requirements under the Security of Critical Infrastructure Act 2018. It defines 20 ports in Australia as critical assets, and states that these ports are subject to the following measures:
    - Ports to provide operational information for a register of critical assets;
    - Ports to advise the Australian Government should a notifiable event occur at one of the ports; and
    - Ministerial directions power which will allow the Minister for Home Affairs to require an entity that is facing a threat which may have national security implications to undertake or refrain from a certain action within a specified period.
  • The Department of Home Affairs is seeking to amend the Security of Critical Infrastructure Act 2018 to ensure that all critical infrastructure in Australia is identified and that there is adequate risk management of this infrastructure. On 10 December 2020, it introduced the Security Legislation Amendment (Critical Infrastructure) Bill 2020 to Parliament with the key amendments being:
    - Expansion of the number of sectors that are captured;
    - Introduction of a new entity classification system;
    - Positive security obligations for certain entities, including risk management plans and reporting requirements;
    - Enhanced cyber security obligations for certain entities; and
    - Government powers to intervene where certain cybersecurity risks are deemed to be significant to the nation and are not perceived to being adequately controlled by the owner or operator facing the threat.

    As part of this, the Department of Home Affairs is also planning to make reforms to the Maritime Transport and Offshore Facilities Security Act 2003 and the Maritime Transport and Offshore Facilities Security Regulations 2003.

Where does Ports Australia stand?

  • Ports Australia recognises the importance of ensuring that Australia’s ports are secure and the increasing threat of cybersecurity to supply chain operations; and is pleased that the Department of Home Affairs is attempting to address these concerns by reforms to the Security of Critical Infrastructure Act 2018, the Maritime Transport and Offshore Facilities Security Act 2003 and the Maritime Transport and Offshore Facilities Security Regulations 2003. Ports Australia emphasises the need for these reforms to:
    - Define the default responsible entity as the port facility operator, as opposed to the port operator which is currently the default responsible entity;
    - Outline a clear framework for appropriate identification of critical ports and intermodal terminals, and have this duly applied;
    - Ensure aligned governance across sectors, as some entities may be captured under multiple sectors; and
    - Undertake significant industry consultation for sector specific thresholds and obligations.

Related Ports Australia submissions and work

Media Release

Ports Australia releases Coastal Shipping Factsheet

Ports Australia has released its Coastal Shipping Factsheet, an analysis paper on the current state of coastal shipping around Australia and its potential for the future of our supply chain.

A blue arrow
Latest news