Just had a look at the stuff which Home Affairs is consulting on.
🧵
Love the proposed amendments to SOCI pt 3 directions powers: https://www.homeaffairs.gov.au/how-to-engage-us-subsite/files/consultation-on-proposed-amendments-to-ministerial-directions-powers-cirmp/public-consultation-paper-soci-act-ministerial-directions-reforms.pdf
Especially the bits re intervening in corporate governance at CNI people and mapping supply chains, not least since I have written extensively on the need to map software supply chains feeding CNI and identify systemic risks from/within them (eg https://open.substack.com/pub/atechnolegalupdate/p/crowdstrikes-corporate-citizenship?utm_campaign=post-expanded-share&utm_medium=web).
While I appreciate the objectives here, I note national security risk arises from:
- incompetent/reckless/aloof corporate officers, rather than just those being agents of foreign powers
- ditto re vendors, especially Western edge device vendors.
I find intriguing the proposed reforms to the CIRMP rules: https://www.homeaffairs.gov.au/how-to-engage-us-subsite/files/consultation-on-proposed-amendments-to-ministerial-directions-powers-cirmp/consultation-exposure-draft-cirmp-rules.pdf
Because they remind me of the ever-present tension between industry v government over (and for each it is a question of degree) prescriptive versus principles-based regulatory instruments.
A lot of the proposed stuff to flesh out the CIRMP regime makes me wonder why regulated entities didn't already know they _should_ be doing those things as part of a risk-based all-hazards CIRMP.
That said, I'm biased and love explicit supply chain mapping, given my existing work on the same.