The Australian Information Industry Association (AIIA) has broadly welcomed the Department of Home Affairs’ proposed Cyber Security Bill, although it remains wary of Part 3A of the Security of Critical Infrastructure Act, which gives the government step-in and intervention powers.
“We therefore oppose its further expansion in this bill to now apply to all incidents impacting critical infrastructure assets and having cascading impacts to other critical infrastructure sector assets,” stated the AIIA.
Removing the word “cyber”, leaving just “incident”, makes it broad in scope and leaves it unclear how the Commonwealth can implement such powers, it claimed.
Under the proposed Cyber Security Legislative Package, seven initiatives, which will fall under the 2023-2030 Australian Cyber Security Strategy, address gaps in current legislation to mandate minimum cyber security standards for smart devices and introduce mandatory ransomware reporting for businesses that make ransom payments.
The package will also introduce a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD), and establish a Cyber Incident Review Board.
According to Home Affairs, the package will also progress and implement reforms under the Security of Critical Infrastructure Act 2018 (SOCI Act).
These reforms will clarify existing obligations in relation to systems holding business-critical data, provide government assistance measures to better manage the impacts of all-hazards incidents on critical infrastructure, and simplify information sharing across industry and Government.
This will also introduce a power for the Government to direct entities to address serious deficiencies within their risk management programs and align regulation for the security of telecommunications into the SOCI Act.
Taking the proposed package as a whole, the AIIA felt the initiative marks a “significant step forward in safeguarding Australia’s digital infrastructure and ensuring a resilient cyber ecosystem”.
One of the key strengths of the proposed reforms is the emphasis on fostering cooperation between the government and industry in addressing cyber incidents swiftly and efficiently, stated the peak industry body.
The introduction of a voluntary information-sharing framework and limited use obligation, led by the National Cyber Security Coordinator, will help both public and private sectors tackle cyber threats with less fear of punitive civil or criminal action.
AIIA CEO Simon Bush said while the AIIA didn’t agree with all aspects of the new legislation, “we cannot fault the Department for its consultative approach with industry where it has listened to our concerns and narrowed the scope of some of the new regulations to make them more targeted and effective”.
“On balance, we support the legislation despite the further expansion of the Part 3A powers and look forward to working with the regulators moving forward,” he said.