Pezzullo says data localisation will benefit local sector

Home Affairs secretary Mike Pezzullo says data localisation requirements currently under consideration by the federal government could prove fruitful for the local data storage and processing sector in Australia.

Speaking after an address at the department’s own Cyber and Infrastructure Security Conference, Mr Pezzullo remarked that any policy to store certain datasets onshore could have the secondary effect of market growth.

“There are some pros and cons because, obviously, [data localisation] will sometimes come with a cost, but it also tends to grow an industry, namely the data storage and processing industry, so there’s also some upside there as well,” he said on Friday.

Home Affairs secretary Michael Pezzullo

Pezzullo said Home Affairs is “seriously looking at data localisation” for certain datasets, building on comments by Home Affairs minister Clare O’Neil in December that such requirements are “really important”.

The department first called for views on local hosting requirements in a discussion paper exploring a future National Data Security Action Plan, which will likely now form part of the updated cybersecurity strategy.

Global tech giants Amazon Web Services, Meta, Atlassian and Google Cloud and their respective industry associations have argued that data localisation does nothing to improve the security of data and could limit Australia’s access to cutting-edge compute capabilities.

But even without an overarching policy, Mr Pezzullo said “a number of agencies… are looking at using their own powers to enforce data localisation in some cases”, particularly those agencies that have responsibilities for digital health.

Home Affairs is similarly “looking at the extent and expansiveness” of the Security of Critical Infrastructure Act, including “in relation to creating obligations on service providers who might… want to business in Australia but might have storage offshore”, he said.

Mr Pezzullo also used his keynote on Friday to discuss the restructure underway within Home Affairs to focus more closely on issues of cybersecurity and foreign interference, including through the creation of a National Cyber Security Coordinator role.

He said the the National Cyber Security Coordinator will be supported by a new Cyber and Infrastructure Security Group, which will be overseen by former head of the Cyber and Infrastructure Security Centre (CISC) and now deputy secretary, Hamish Hansford.

The group, which will be created on May 1, will bring together cyber security and infrastructure policy, response and coordination and regulation, including the CISC, to allow for an “integrated response” to priorities and initiatives.

“Specifically, the Group will be responsible for supporting the Minister and the Coordinator, once appointed, to deliver and implement Australia’s Cyber Security Strategy,” Mr Pezzullo told the conference.

“An enduring function of the new group will be cyber and infrastructure security partnerships… ensuring that government and industry work together on hardening Australian infrastructure and our economy from cyberattacks and from other hazards.”

Mr Pezzullo said the new group will “lead on scenario-based exercises, stress tests”, as well as provide “cyber incident response and coordination in support of the [National Cyber Security] Coordinator”.

“The coordinator will centrally coordinate the approach to prepare for, and manage the consequences of cyber security incidents. This will include leading the government’s coordination of action in response to major cyber incidents,” he said.

“The coordinator will also lead on ensuring cyber security incident management frameworks are aligned and fit for purpose, and will drive the necessary work across government for clear protocols to manage incidents ahead of them occurring.

“As part of this, the coordinator will also be responsible for identifying and mitigating gaps in whole-of-government mechanisms… Additionally, the Coordinator will support the hardening of Australian government IT as well as ensuring investments in government IT are strategic and appropriate.”

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories