The security of critical information infrastructure is the top priority for cybersecurity.Law is an important measure and means of ensuring the security of critical information infrastructure.Australia's Security of Critical Infrastructure Act has established a sound institutional framework for the risk protection of critical information infrastructure. Learning from the Security of Critical Infrastructure Act will improve the legal system for China's critical information infrastructure security protection, clarify the objects of protection for critical information infrastructure,design a critical information infrastructure information reporting system, establish a cyber security risk prevention and control mechanism, improve the regulatory system, and enhance cybersecurity awareness, in order to prevent and resolve the major cyber security risks that critical information infrastructure is facing.