Home Affairs Minister Karen Andrews has likened proposed changes to the Critical Infrastructure Bill to the fire codes and building regulations that are in place to protect people and assets from fires – saying the nation is facing clear threats from ransomware and cyber attacks.
Responding to the concerns of three global technology industry associations about plans to fast-track changes to the bill, Minister Andrews said; “if we don’t act now, we risk our cyber security falling further behind.”
The Washington DC-based Information Technology Industry Council and the Cyber Coalition, together with the Australian Information Industry Association, wrote to Karen Andrews this week. The letter urged government not to fast-track provisions in the bill that would allow authorities to take control of critical infrastructure assets, and to require security incidents to be notified within a 12-hour period.
“The Morrison Government is committed to benefiting, not burdening Australian businesses. That’s why I’ll always listen to industry and give their recommendations due weight,” Mrs Andrews said in a statement to InnovationAus.
“At the same time, we’re facing a clear threat, and we need to be resolute in tackling it. Cybercrime, ransomware, and attacks on critical infrastructure are already occurring – both in Australia and overseas. If we don’t act now, we risk our cyber security falling further behind,” she said.
“Fire codes and building regulations are a critical first step that keep occupants safe and protect our assets. Once a fire takes hold though, we don’t expect the occupants to fight it – they call the fire brigade.
“In the same way, businesses will continue to have frontline responsibilities for their own cyber security, but – in the event of a major attack – emergency assistance legislation will enable the capabilities and expertise of the Australian Signals Directorate to be called in as a last resort.”
The three technology associations said in their co-signed letter to Mrs Andrews that the bill remained “highly problematic and largely unchanged” despite the extensive feedback from their organisations, and that without revision, it would create unworkable obligations and set “a troubling global precedent”.
“Our members share the Australian Government’s commitment to protecting Australians and Australia’s critical infrastructure against cyber threats,” they said.
“However, these two provisions would not accomplish that goal, would have significant unintended consequences that would decrease security in practice, and would set dangerous global precedents,” they said.
“We are disappointed by the recent report from the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which recommended that the elements of the Bill which caused the most concern for industry stakeholders – namely the government assistance powers granted under Part 3A and incident reporting obligations – be fast-tracked and pushed through as a separate Bill, without further public consultation.
“As representatives of member companies that include both Australian and international companies, we urge the Australian Government to reject this recommendation and to seriously consider our recommendations [contained in the letter to Minister Andrews].”
Do you know more? Contact James Riley via Email.