Beefed up powers for Australian cyber spies to intervene in major attacks across a wide range of essential services have passed parliament.
Cyber attacks on Australia's critical infrastructure will be expanded to include energy, communications, financial services, defence industry and higher education.
Companies that fall under this definition will have to report all cyber incidents to the Australian Signals Directorate and the government will be able to step in to "protect assets immediately prior, during or following a significant cyber attack".
Senator Jim Molan, a former Army major general, told the Senate no country had seen the full power of China or Russia's cyber capability.
Senator Molan said Australia may only see the full capability of these states in the lead up or during a war.
"These are worrying times. Australia, as a nation, is vulnerable," he said.
The bill passed with the support of the government and Labor but Greens senator Lidia Thorpe spoke out about the bill, calling it a "a half-baked ... greedy little power grab".
Senator Thorpe said the laws would impose excessive and serious obligations on businesses which were not consulted in the lead up to its introduction.
The bill's passing comes a week after the head of the ASD said a quarter of all cyber attacks the organisation responded to were levelled against critical infrastructure like energy, water, telcos and health services.
Director-general Rachel Noble said malicious state actors would attack these systems to try and gather intelligence or implant bugs and malware that would be able to deny, degrade or disrupt these services whenever they choose.
Home Affairs Minister Karen Andrews said there had been a number of cyber attacks on the Australian parliament, hospitals, schools and universities over the past two years but these attacks would not compare to an attack on the national electricity grid or a major international airport.