The Home Affairs boss says cyber reforms will see government systems classed as critical infrastructure.

Home Affairs boss Mike Pezzullo says planned changes to critical infrastructure laws will extend to some government systems, so that select federal government systems and networks are classified critical infrastructure, alongside nationally significant private sector systems.

“Certain assets and networks within government will be designated as critical infrastructure, so they’ll also be able to be actively defended by the Australian Signals Directorate,” he said in a recent webinar.

The critical infrastructure powers in question come from the 2020 cyber security strategy, and are intended to improve the security and resilience of systems and ensure networks can be defended.

Home Affairs released a consultation paper last month which included its proposed “enhanced regulatory framework” for critical infrastructure and systems of national significance.

The framework extends the definition of critical infrastructure beyond electricity, gas, water and port entities, which have been covered by the Security of Critical Infrastructure Act, to sectors including banking, health, education and food.

Mr Pezzullo also mentioned plans to create a series of “secure hubs” so that there are fewer networks for hostile actors to target.

“We’re looking to consolidate at least the attack surface to better defend it with tighter, fewer hubs, so that the larger players … can form protected environments that ... provide a harder external shell,” he said.

“It doesn’t, of course, obviate the other work you’ve got to do to get protection right down to the endpoint, right down to the device, right down also to the human practices, which … are in some cases more important.”