What obligations you may need to address if you’re a critical infrastructure sector or have been identified to have systems of national significance (SoNS)?
To comply with the Enhanced CyberSecurity Obligations (ECSO), outlined in Part 2C of the SOCI Act.
The following obligations include:
- Developing cyber security incident response plans to prepare for a cyber security incident;
- Undertaking cyber security exercises to build cyber preparedness;
- Undertaking vulnerability assessments to identify vulnerabilities for remediation; and/or
- Providing system information to develop and maintain a near-real-time threat picture.
Note: The ECSO that the Secretary may apply to a SoNS will vary between each SoNS, depending on the specific role and function of that asset.