Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) A relevant official may give the responsible entity for one or more critical infrastructure assets a written direction to vary the entity's critical infrastructure risk management program if the relevant official is satisfied that there are one or more serious deficiencies with the program.
(2) A relevant official is:
(a) the Secretary, unless paragraph (b) applies; or
(b) if there is a relevant Commonwealth regulator that has functions relating to the security of those assets:
(i) the chief executive officer (however described) of that regulator ; or
(ii) an SES employee, or an acting SES employee, in that regulator; or
(iii) a person who holds, or is acting in, a position in that regulator that is equivalent to, or higher than, a position occupied by an SES employee in the Department.
(3) A serious deficiency is a deficiency that poses a material risk to:
(a) national security; or
(b) the defence of Australia; or
(c) the social or economic stability of Australia or its people.
Contents of direction
(4) A direction under subsection (1) must:
(a) specify the serious deficiencies; and
(b) require the responsible entity to vary the entity's critical infrastructure risk management program to address those deficiencies; and
(c) specify the period within which the responsible entity must vary that program, which must be a period of at least 14 days starting on the day on which the direction is given.
Compliance with direction
(5) The responsible entity must comply with a direction under subsection (1).
Note: If the entity is not a legal person, see Division 2 of Part 7.
Civil penalty: 250 penalty units.
Consultation before giving direction
(6) A relevant official must, before giving a direction under subsection (1), give the responsible entity a written notice:
(a) stating that the relevant official is considering giving the responsible entity a direction under subsection (1); and
(b) specifying the serious deficiencies covered by subsection (1); and
(c) invite the responsible entity to give the relevant official, within 14 days after the day the notice is given to the responsible entity, a written submission in relation to the notice.
(7) A relevant official must, in deciding whether to give a direction under subsection (1), have regard to:
(a) any written submission received from the responsible entity within that 14 - day period; and
(b) any action that is taken, or proposed to be taken, by the responsible entity in response to the notice and that is notified to the relevant official within that 14 - day period.
(8) Subsection (7) does not limit the matters to which the relevant official may have regard.
Certain persons to give copy of direction to Secretary
(9) A relevant official covered by paragraph (2)(b) must give the Secretary a copy of any direction the relevant official gives under subsection (1).
Direction not a legislative instrument
(10) A direction under subsection (1) is not a legislative instrument.