Overview of the SOCI Act

The Security of Critical Infrastructure Act 2018 (SOCI Act), amended earlier this year, is Australia’s legislative framework to strengthen the resilience of nationally significant infrastructure. It now expands beyond traditional sectors (like electricity and water) to include communications infrastructure, meaning telecommunications carriers and carriage service providers (CSPs) are covered.

The Act introduces obligations for asset owners/operators in critical sectors, including:

• Registering critical assets with the Australian Government.
• Risk management programs to identify, prevent, and mitigate risks.
• Mandatory cyber incident reporting for certain events.
• Government intervention powers in extreme cases.

Requirements for Wireless Internet Service Provider Carriers

If a WISP operates as a carrier or carriage service provider servicing over 20,000 services under the Telecommunications Act, it falls within the SOCI Act’s communications sector. Key obligations include:

Asset Registration

WISPs must register critical telecommunications assets (e.g., fixed wireless towers, backhaul connections, data centers and supporting operations) with the Register of Critical Infrastructure Assets maintained by the Cyber and Infrastructure Security Centre (CISC). Registrations include ownership details, operator details, and arrangements for managing/maintaining the asset.

Risk Management Program

WISP providers will also be required to have a critical infrastructure risk management program (CIRMP) to cover cyber security, supply chain, physical security, and personnel risks.

Mandatory Cyber Incident Reporting

Critical incidents will need to be reported within 12 hours. Other cyber incidents (that affect availability, reliability, or integrity of services) will need to be reported within 72 hours.

For telecommunications providers (including WISPs), the critical asset registration obligation is ongoing:

New critical assets must be registered within 6 months of becoming operational.

Further Information on SOCI Act

For further Information on the SOCI Act and the requirements WISPs may need to comply with, go to the Department of Home Affairs, Critical Infrastructure Security Centre website information here.

To assist WISPs that have obligations under the Act, WISPAU has published a guide on registration of assets as well as an asset capture spreadsheet that can be used for submission using the asset submission form that is to be used on the CISC website here.

WISPAU members can login to the WISPAU website and go to the Members Download section to download the guidance document and spreadsheet to assist them with their asset submission requirements.