A new private member’s bill has been proposed, aimed at supporting a co-ordinated response to cyber attacks.
The federal Labor opposition has proposed a private member's bill in the House of Representatives, which would require local organisations to inform the Australian Cyber Security Centre (ACSC) before making a payment to a cyber criminal in response to a ransomware attack.
The Ransomware Payments Bill 2021, introduced by shadow assistant minister for communication and cyber security Tim Watts, aims to support a co-ordinated government response to the growing ransomware threat by better informing law enforcement, diplomacy and offensive cyber operations.
“There is an urgent need for this bill,” Watts said.
“The Australian Cyber Security Centre has labelled ransomware the 'highest cyber threat' facing Australian businesses.
“Indeed, it's more than just a threat to business; ransomware is a significant national security threat in its own right.”
The Labor MP pointed to the “onslaught” of cyber attacks on Australian organisations over the past 18 months, including recent targeting of JBS Foods, UnitingCare Queensland, and the Eastern Health hospital network.
“Talking to the incident responders combating this tidal wave of attacks, it's clear to me that for every ransomware incident you read about in the papers there are a dozen happening outside public view,” Watts added.
The shadow assistant minister also referenced the growing financial burden associated with the spike in ransomware activity, with cyber security firm Emsisoft estimating a cumulative cost to the nation of approximately $1 billion annually.
Watts was critical of the Morrison government’s policy response to the evolving threat environment, which has involved a campaign urging organisations to invest in cyber infrastructure.
He continued: “The current trajectory of these attacks, and the traditional response to them — asking organisations to implement an ever-increasing uplift in cyber-resilience — is inefficient and not sustainable.
“A hospital shouldn't be forced to use more and more of its scarce resources fighting cyber criminals, it should be using its resources to make sick people better.
“The boards and executive teams of our nation should be able to focus on making investments in its core business that create new jobs and increase shareholder returns, rather than constantly ratcheting cybersecurity investments.”
The Morrison government’s policy response has also involved a new data sovereignty push, to protect sensitive information from foreign cyber threats.
The ‘Protecting Critical Infrastructure and Systems of National Significance’ reforms were recently introduced as part of the Security Legislation Amendment (Critical Infrastructure) Bill 2020.
A new Hosting Strategy, overseen by the Digital Transformation Agency (DTA), has also been established, requiring all government data to be stored in onshore data centres with ‘Certified Strategic’ or ‘Certified Assured’ accreditation.
These certification categories are new and were introduced with the Hosting Strategy.
The framework also requires government data to be managed by cloud and managed service providers based in Australia, in a bid to bolster government controls across supply chains.
News Editor – Defence and Security, Momentum Media
Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres.