Modern Australian
The Times

Australia has a new cybersecurity agenda. Two key questions lie at its heart

  • Written by Jeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie University

The federal government is pursuing a new cybersecurity agenda in the wake of last year’s major cyber breaches with Optus and Medibank.

“For businesses these days, cybersecurity is as important as having a lock on the door”, said Prime Minister Anthony Albanese in opening the government’s cybersecurity roundtable in Sydney on Monday. There, Minister for Cyber Security Claire O’Neil released a discussion paper that seeks to answer questions about the role the government should play in order to improve Australia’s cyber resilience.

Read more: Albanese government to appoint Coordinator for Cyber Security, amid increasing threat to systems and data

The government will also create a National Office of Cyber Security, and a new role based in the Department of Home Affairs – Coordinator for Cyber Security.

O’Neil said the government was struggling to find appropriate responses to last year’s major hacks due to a lack of prior policy or regulation.

The Optus and Medibank breaches each affected around a third of the Australian population. Hackers leaked personal information including drivers licenses, passports and highly personal medical details.

In both cases, government intervention was necessary, such as by creating methods for people to replace drivers license ID numbers.

Prime Minister Anthony Albanese and Minister for Home Affairs Clare O’Neil at the cybersecurity roundtable, February 2023
Albanese and O'Neil at the cybersecurity roundtable. Dean Lewins/AAP

The discussion paper consists of 21 questions, and many focus on how government and industry can work together.

But two questions stand out as critically important.

1. Should the government ban ransomware payments?

Whether ransomware payments should be banned is a complicated question, and one that I’ve covered before.

Read more: Australia is considering a ban on cyber ransom payments, but it could backfire. Here's another idea

In short, a blanket ban on all ransomware payments would be unlikely to stop cyber criminals from continuing their attacks. And the damage done to businesses and critical infrastructure could be severe. A legal ban from paying to recover their systems could mean small and medium businesses can’t recover.

O’Neil has previously stated she’s considering a ban on ransom payments. The discussion paper demonstrates a more thoughtful approach.

It suggests the possibility of a distinction between different types of ransomware payment bans. For example, whether the government should prohibit payment to keep stolen data secret, versus payment to unlock a company’s hacked systems. It also asks whether, instead of banning companies from paying ransom, we should instead ban insurance payouts to businesses who fall victim.

2. Should the government be able to commandeer companies’ IT systems?

The Security of Critical Infrastructure Act was introduced in 2018 in response to the growing threat of attacks against the nation’s most important systems. It was more recently expanded to include a total of 11 sectors from electrical grids and telecommunications, to education and data storage.

The act is specifically about securing the systems that our critical infrastructure run on.

But the discussion paper asks whether that should expand to include the personal data held on these systems, and to allow the Australian Signals Directorate to commandeer the IT systems of companies suffering from a hack.

While a seemingly small addition to the act, the inclusion of personal data and expanded Australian Signals Directorate powers could be reaching too far.

Specifically, it might include handing over citizens’ personal data held by the telecommunication and health sectors to the government.

What’s more, expansions to the act in 2021 and 2022 to include data storage means virtually any company could fall within its scope.

No specific details of how this potential change could work are included in the discussion paper, but it may be a step with severe consequences.

Anything else I should know?

The discussion paper also calls for simplifying regulations as a priority.

Australia’s data laws are spread across a range of acts: the Privacy Act, the Critical Infrastructure Act, the Telecommunications Act, the National Health Act, and the list goes on. Having the requirements spread out across so many acts makes it difficult for businesses to understand their obligations when it comes to cybersecurity.

What’s more, the paper clearly outlines the need to prioritise cybersecurity workforce training, both in technical and non-technical roles.

Australia has an estimated skills shortage of 30,000 cybersecurity professionals.

Read more: What skills does a cybersecurity professional need?

The discussion paper has many suggestions that will likely be welcomed by industry, but clearly some questions raise concerns amongst industry professionals about government overreach.

At the moment, these are just questions. And industry, government and education providers will have a chance to respond to these questions over the next six weeks before decisions are finalised. Hopefully, they’ll be heard.

Authors: Jeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie University

Read more https://theconversation.com/australia-has-a-new-cybersecurity-agenda-two-key-questions-lie-at-its-heart-200714

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...

Hoteliers Look to Clever Value Adds to Increase Revenue

The Australian hospitality industry is still in recovery mode after a notoriously rough patch in recent years. While there has been a post-COVID tra...

Moving to Queensland? Here’s How to Prep Your Car for the Big Move North

There’s no sign of the northern migration slowing down, with thousands of southerners fleeing from chaotic lifestyles and cooler climates for a brig...

Diesel Shortage to Impact Trades and Contractors

Strait of Hormuz blockage affecting all major parts of trades and construction Trades and construction across residential, commercial and industria...

Why Holiday Home Owners Turn to Rental Management Agents

The Allure — and the Reality — of Renting Out Your Property Owning a holiday home is a dream for many Australians. Whether it's a beachside sha...

Why Finding Reliable Doctors In Bundoora Is Important For Long-Term Health

Access to quality healthcare plays an important role in maintaining overall wellbeing and managing health concerns early. Trusted Doctors in Bundoor...

Understanding the Different Types of Car Services: Minor vs Major

When it comes to car maintenance, one of the most important things every vehicle owner should understand is the difference between a minor and a maj...

How Superannuation and TPD Insurance Work Together

Superannuation is an essential part of financial planning in Australia. It is designed to provide individuals with income during retirement, helping...

Tiny Towns funding granted for Mt Hotham and Mt Buller upgrades

Alpine Resorts Victoria (ARV) has welcomed funding support from the Victorian Government’s  Tiny Towns Fund, with both Mt Hotham and Mt Buller se...

Locksmith Services: Why Professional Security Solutions Matter More Than Ever

Security is a critical concern for homeowners, businesses, and vehicle owners alike. Whether it involves protecting a property, replacing damaged lo...

Why Tooth Fillings Are Important For Protecting Damaged Teeth

Cavities and minor tooth damage are common dental problems that can worsen if left untreated. Professional tooth fillings help restore damaged teeth, ...