Login
iscover
A swathe of new proposals have been tabled by the federal government, aimed at strengthening Australia’s cyber defences.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
The Coalition government has tabled reforms to the Security Legislation Amendment (Critical Infrastructure) Bill 2020, designed to improve nationwide responses to cyber attacks on critical infrastructure.
Reforms include the provision of government assistance to industry as a last resort — subject to “appropriate limitations”.
According to Minister for Home Affairs Karen Andrews, emergency assistance or directions would be provided immediately before, during or after a significant cyber security incident to “mitigate and restore essential services”.
“These emergency measures will only apply in circumstances where a cyber attack is so serious it impacts the social or economic stability of Australia or its people, the defence of Australia or national security, and industry is unable to respond to the incident,” Minister Andrews added.
Other reforms include the introduction of a cyber incident reporting regime for critical infrastructure assets, and expanding the definition of critical infrastructure.
If the proposals are ratified, the expanded definition would include:
- energy;
- communications;
- financial services;
- defence industry;
- higher education and research;
- data storage or processing;
- food and grocery;
- health care and medical;
- space technology;
- transport; and
- water and sewerage sectors.
Minister Andrews said the amendments are priority areas for the government, forming part of a broader push to bolster cyber resilience.
“The Morrison government is committed to protecting Australia’s critical infrastructure to secure the essential infrastructure and services all Australian’s rely on – everything from electricity and water, to healthcare and groceries,” she said.
“Recent cyber attacks and security threats to critical infrastructure, both in Australia and overseas, make these reforms critically important.
“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world.”
The minister also noted the importance of strengthening collaboration between public and private sector stakeholders.
“Attacks on our critical infrastructure require a joint response, involving government, business, and individuals, which is why we are asking critical infrastructure owners and operators to help us help them by reporting cyber incidents to the Australian Cyber Security Centre,” Minister Andrews added.
“Implementing these reforms now will allow the government to continue to work with critical infrastructure entities to develop supporting rules to ensure that the second phase of reforms is implemented in a manner that secures appropriate outcomes without imposing unnecessary or disproportionate regulatory burden.”
The introduction of these new amendments come just a week after the government proposed new criminal offences, tougher penalties and a mandatory reporting regime as part of a new and comprehensive Ransomware Action Plan.
Proposals include:
- Introducing a new stand-alone aggravated offence for all forms of cyber extortion;
- introducing a new stand-alone aggravated offence for cyber criminals seeking to target critical infrastructure;
- criminalising the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence;
- criminalising the buying or selling of malware for the purposes of undertaking computer crimes; and
- modernising legislation to ensure that cyber criminals won’t be able to realise and benefit from ill-gotten gains.
The government also plans to develop a mandatory ransomware incident reporting regime for businesses with a turnover exceeding $10 million per annum.
[Related: Tough new laws to protect Australians against ransomware]
Charbel Kadib
News Editor – Defence and Security, Momentum Media
Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres.
