Government passes Australia's first cybersecurity act
Make us a preferred source
Make us a preferred source on Google
The news: The Albanese government has passed Australia’s first standalone Cyber Security Act into law, calling the move a "substantial step" in strengthening the nation's cyber defences and cyber resilience across the economy.
The context: The government said the new laws will ensure Australians can trust their digital products, help break the ransomware business model, support Australian organisations through cyber security incidents, and improve their cyber practices, policies and procedures.
The cybersecurity legislative package also aims to address legislative gaps, bring Australia in line with international best practice, and put the country on track to become a global leader in cybersecurity, the government said.
The laws enact seven initiatives, including:
- Enabling the Minister for Cyber Security to prescribe mandatory cyber security standards for smart devices to give Australians assurance the devices they purchase aren’t putting them at risk;
- Requiring certain businesses to report ransom payments, so government cyber experts can build a better picture of the threat landscape;
- Giving effect to a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD) to facilitate rapid and open sharing of information during a cyber security incident; and
- Establishing a Cyber Incident Review Board (CIRB) to conduct no-fault, post-incident reviews of significant cyber security incidents in Australia and make concrete recommendations to aid in the prevention, detection, response, and minimisation of cyber incidents in the future.
The package also progresses reforms under the existing Security of Critical Infrastructure Act 2018 (SOCI Act) that will:
- Clarify existing obligations in relation to systems holding business critical data;
- Expand existing last resort powers to enable government assistance to manage the impacts of all hazards incidents on critical infrastructure;
- Simplify information sharing across industry and government;
- Enable the government to direct entities to address serious deficiencies within their risk management programs; and
- Integrate regulation for the security of telecommunications into the SOCI Act.
The new package follows the establishment of a National Office for Cyber Security and appointment of a National Cyber Security Coordinator.
What they said: "The Australian Government is delivering on its commitment to secure Australia’s cyber environment and protect our critical infrastructure," said Tony Burke, Minister for Cyber Security.
"The Government has passed into law Australia’s first standalone Cyber Security Act, a key pillar in our mission to protect Australians from cyber threats.
"This package forms a cohesive legislative toolbox for Australia to move forward with clarity and confidence in the face of an ever changing cyber landscape.
"Close co-operation between government and industry is one of our best defences against malicious cyber activity. In the wake of a cyber security incident, businesses need to know that they can call on government to quickly get the support they need."
The source: Home Affairs media release
