Home Affairs Minister Clare O'Neil has expanded the list of businesses falling under the "Systems of National Significance" category, doubling the count from 87 to 168. 

The action aims to fortify critical infrastructure against cyber threats.

The expansion comes after a six-month grace period, which ended in mid-August, allowing critical infrastructure owners to align with stringent cyber regulations.

Designated organisations are now obligated to develop response plans for cyber incidents, engage in cybersecurity exercises, obtain assessments to identify and rectify vulnerabilities, and share system information with the Australian Signals Directorate (ASD) to maintain a real-time threat assessment.

ASD is also granted emergency control authority as a last resort, stepping in when private systems are compromised and cannot be reclaimed by their owners.

“These declarations follow the government's activation of the Critical Infrastructure Risk Management Program in February 2023,” Home Affairs stated. 

The program requires critical infrastructure asset owners and operators to assess and manage risks associated with their operations.

Businesses subjected to these obligations operate within the energy, communications, transport, financial services, and data storage or processing sectors. 

Several designated firms, including telecommunications companies, underwent assessments to gauge their cybersecurity readiness.

Amidst escalating geopolitical tensions with Russia and China, Australian businesses are bracing for increased cyber threats. 

Australia's military assistance to Ukraine and ongoing military exercises with Japan and the Philippines heighten these concerns.

The evolving challenge faced by organisations lies in the blurred line between nation-state and for-profit hackers. 

Some financial institutions, such as the Commonwealth Bank, are reintroducing transaction delays to counter sophisticated scams that can swiftly drain funds.

To mitigate risks, the Federal Government says it is taking steps to regulate technologies like screen scraping. 

There is also industry apprehension about introducing real-time authorised push payment requests, similar to practices in the UK.

Home Affairs Minister O'Neil has expressed gratitude to the owners and operators of Systems of National Significance for their contribution to making Australia a leader in cybersecurity. 

She says protecting critical infrastructure is a collective responsibility, highlighting the importance of building partnerships with asset owners and operators.