Powered by MOMENTUM MEDIA
defence connect logo

Powered by MOMENTUMMEDIA

Powered by MOMENTUMMEDIA

Reforms introduced to bolster national cyber resilience

Reforms introduced to bolster national cyber resilience

A swathe of new proposals have been tabled by the federal government, aimed at strengthening Australia’s cyber defences.

A swathe of new proposals have been tabled by the federal government, aimed at strengthening Australia’s cyber defences.

The Coalition government has tabled reforms to the Security Legislation Amendment (Critical Infrastructure) Bill 2020, designed to improve nationwide responses to cyber attacks on critical infrastructure.

Reforms include the provision of government assistance to industry as a last resort — subject to “appropriate limitations”.

==============
==============

According to Minister for Home Affairs Karen Andrews, emergency assistance or directions would be provided immediately before, during or after a significant cyber security incident to “mitigate and restore essential services”.

“These emergency measures will only apply in circumstances where a cyber attack is so serious it impacts the social or economic stability of Australia or its people, the defence of Australia or national security, and industry is unable to respond to the incident,” Minister Andrews added.

Other reforms include the introduction of a cyber incident reporting regime for critical infrastructure assets, and expanding the definition of critical infrastructure.

If the proposals are ratified, the expanded definition would include:

  • energy;
  • communications;
  • financial services;
  • defence industry;
  • higher education and research;
  • data storage or processing;
  • food and grocery;
  • health care and medical;
  • space technology;
  • transport; and
  • water and sewerage sectors.

Minister Andrews said the amendments are priority areas for the government, forming part of a broader push to bolster cyber resilience.  

“The Morrison government is committed to protecting Australia’s critical infrastructure to secure the essential infrastructure and services all Australian’s rely on – everything from electricity and water, to healthcare and groceries,” she said.

“Recent cyber attacks and security threats to critical infrastructure, both in Australia and overseas, make these reforms critically important.

“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world.”

The minister also noted the importance of strengthening collaboration between public and private sector stakeholders.

“Attacks on our critical infrastructure require a joint response, involving government, business, and individuals, which is why we are asking critical infrastructure owners and operators to help us help them by reporting cyber incidents to the Australian Cyber Security Centre,” Minister Andrews added.

“Implementing these reforms now will allow the government to continue to work with critical infrastructure entities to develop supporting rules to ensure that the second phase of reforms is implemented in a manner that secures appropriate outcomes without imposing unnecessary or disproportionate regulatory burden.”

The introduction of these new amendments come just a week after the government proposed new criminal offences, tougher penalties and a mandatory reporting regime as part of a new and comprehensive Ransomware Action Plan.

Proposals include:

  • Introducing a new stand-alone aggravated offence for all forms of cyber extortion;
  • introducing a new stand-alone aggravated offence for cyber criminals seeking to target critical infrastructure;
  • criminalising the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence;
  • criminalising the buying or selling of malware for the purposes of undertaking computer crimes; and
  • modernising legislation to ensure that cyber criminals won’t be able to realise and benefit from ill-gotten gains.

The government also plans to develop a mandatory ransomware incident reporting regime for businesses with a turnover exceeding $10 million per annum.

[Related: Tough new laws to protect Australians against ransomware]

You need to be a member to post comments. Become a member for free today!