A group of international technology associations, including the Australian Information Industry Association, have written to Home Affairs Minister Karen Andrews with concerns about government fast-tracking parts of the Critical Infrastructure Bill.
The Washington DC-based Information Technology Industry Council, the Cyber Coalition and the AIIA have urged government not to fast-track troubling provisions of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 that would allow the government to take control of critical infrastructure assets and require security incidents to be notified within a 12-hour period.
The associations said the Bill remained “highly problematic and largely unchanged” despite the extensive feedback of their organisations, and that without revision, the Bill would create unworkable obligations and set “a troubling global precedent.”
“Our members share the Australian Government’s commitment to protecting Australians and Australia’s critical infrastructure against cyber threats,” the associations said in the letter to Minister Andrews.
“However, these two provisions would not accomplish that goal, would have significant unintended consequences that would decrease security in practice, and would set dangerous global precedents,” they said.
“We are disappointed by the recent report from the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which recommended that the elements of the Bill which caused the most concern for industry stakeholders – namely the government assistance powers granted under Part 3A and incident reporting obligations – be fast-tracked and pushed through as a separate Bill, without further public consultation.
“As representatives of member companies that include both Australian and international companies, we urge the Australian Government to reject this recommendation and to seriously consider our recommendations below.
The Information Technology Industry Council was founded in 1916 in Chicago as an association of office appliance makers but has evolved over time and is now Washington DC based and primarily representative of global software giants, predominantly headquartered in the US.
The Cybersecurity Coalition is a Washington-based collective of software companies that works with policymakers to promote a robust cybersecurity ecosystem and to support the development and adoption of cybersecurity innovation.
AIIA policy and advocacy general manager Simon Bush said the legislation was complex and that industry and legislators needed more time to work through the impact of this important policy – a point that the PJCIS had itself made about the Critical Infrastructure Bill.
“The Committee in its report said it: ‘faced constraints on its ability to undertake meaningful and considered analysis of the considerable and varied evidence base regarding the Bill’,” Mr Bush said.
“Legislation as critical and impactful as the SOCI Bill requires meaningful consultation and should not be rushed through by government under the guise of national security – the same national security arguments in fact were made by government when telecommunications powers were rushed through in 2019 which have subsequently never been used.”
“We are disappointed that that the Committee has not recommended any substantive changes to the Part 3A direct action powers around government assistance mechanisms and mandatory notification requirements but do support the splitting of the Bill into two so that government has more time to consult with industry on the positive security and reporting obligations that confront industry.”
The associations strongly recommended that, should the lawmakers move forward with the government assistance provision, they ensure that such assistance powers are subject to a statutorily prescribed mechanism for judicial review and oversight.
Without such a process in place it could undermine the values that Australia promotes internationally and set an undesirable precedent for other governments facing similar national security challenges.
Do you know more? Contact James Riley via Email.