Telco security is the new frontier
Big House rules: New telco legislation should deliver certainty for the industry
The Telecommunications Sector Security Reforms (TSSR) have now passed the Senate after a bipartisan show of support for the legislation that formalises the telecommunications industry’s responsibility to protect their networks.
The Telecommunications and Other Legislation Amendment Bill 2017 were passed after a recommendation from the Parliamentary Joint Committee on Intelligence and Security that aspects of the Bill be clarified.
The Committee first recommended the measures back in 2013, and over the past two years the government carried out two rounds of public consultation prior to the final version of the legislation being passed by the Senate.
Supported in the Senate by the Coalition, Labor and the Nick Xenophon Team, the legislation “formalises and enhances existing information sharing and relationships between government and telecommunications carriers and carriage service providers (C/CSPs) to ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector.”
It provides an important regulatory framework to manage national security risks whilst giving the telco industry clarity and certainty about the role and responsibility of the industry to prevent espionage and foreign interference to Australia’s networks.
Attorney-General George Brandis and Communications Minister Mitch Fifield shepherded the Bill through Parliament at a time of increasing international uncertainty. A joint media release from November 2016 stated that the legislation “strengthens ties with the telecommunications industry, enabling authorities to better identify and respond to national security threats.”
“Australia's national security, economic prosperity and social well-being increasingly depend on the security and resilience of telecommunications services.”
Industry has welcomed the amended legislation.
Of the thirteen amendments made to the Bill in response to recommendations (PDF) by the Joint Committee, the most important included clarification that this legislation would not affect privacy provisions in other legislation, as well as describing what infrastructure would be covered by the Bill and what would not, particularly in relation to “over the top” services and infrastructure being used to store data in foreign countries.
There is still work for the telecommunications industry to do before there is a broad understanding of the impact on the industry.
In November this year, the Telecommunications Association (TelSoc), founded in 1874 as an association that focused on the growing interest in telegraphy, will hold a forum in Melbourne exploring the Telecommunications Sector Security Reforms and the impact that this legislation might have on the broader industry and how it might affect the digital economy.
The TelSoc Chair Professor Reg Coutts stated that the “Telecommunications Sector Security Reforms are a key step towards formalising and enhancing existing information sharing and relationships between government and telecommunications carriers and carriage service providers to ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector.”
“The technical, risk and cost impacts should be explored and a roadmap to deliver on the TSSR measures put in place.”
“There are overlapping responsibilities within the industry, particularly for infrastructure, systems and services and these need to be explored,” said Professor Coutts.
The government has estimated that the annual cost of compliance will be $184,000 for each of the larger telcos, but what of the underlying situation and how will the Telcos be able to provide the compliance guarantee that the government is seeking?
The key issue for the Telcos will be the requirement to “do their best” to protect their networks and systems from interference or unauthorized access and to notify the government of changes that might have a “material adverse effect” on the Telcos ability to comply with the legislation.
As I wrote previously, whilst the Telcos may claim that knowledge of their networks and systems may be commercially sensitive, it is in the nation’s interest that the Attorney General’s Department (AGD) and the Australian Security and Intelligence Organisation (ASIO) are provided with sufficient information to make determinations that are in the national interest.
This does not mean that the government will rush to ban major telecommunications vendors from supplying equipment to local Telcos.
But it is possible that the government may block the use of equipment from some vendors until such time as a thorough security review can be carried out.
The Bill will now pass to the House of Representatives and is expected to be passed into Law during the next sitting of Parliament with bipartisan support.
Dr Mark Gregory is an Associate Professor in the School of Engineering at RMIT University and is the Managing Editor of the Australian Journal for Telecommunications and the Digital Economy, which is published by the Telecommunications Association Inc.