The Times Australia
The Times World News

.
The Times Real Estate

.

Australia has a new cybersecurity agenda. Two key questions lie at its heart

  • Written by Jeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie University

The federal government is pursuing a new cybersecurity agenda in the wake of last year’s major cyber breaches with Optus[1] and Medibank[2].

“For businesses these days, cybersecurity is as important as having a lock on the door”, said Prime Minister Anthony Albanese in opening the government’s cybersecurity roundtable in Sydney on Monday. There, Minister for Cyber Security Claire O’Neil released a discussion paper[3] that seeks to answer questions about the role the government should play in order to improve Australia’s cyber resilience.

Read more: Albanese government to appoint Coordinator for Cyber Security, amid increasing threat to systems and data[4]

The government will also create a National Office of Cyber Security, and a new role based in the Department of Home Affairs – Coordinator for Cyber Security[5].

O’Neil said the government was struggling to find appropriate responses to last year’s major hacks due to a lack of prior policy or regulation[6].

The Optus and Medibank breaches each affected around a third[7] of the Australian population. Hackers leaked personal information including drivers licenses, passports and highly personal medical details.

In both cases, government intervention was necessary, such as by creating methods for people to replace drivers license ID numbers[8].

Prime Minister Anthony Albanese and Minister for Home Affairs Clare O’Neil at the cybersecurity roundtable, February 2023
Albanese and O'Neil at the cybersecurity roundtable. Dean Lewins/AAP

The discussion paper consists of 21 questions, and many focus on how government and industry can work together.

But two questions stand out as critically important.

1. Should the government ban ransomware payments?

Whether ransomware payments should be banned is a complicated question, and one that I’ve covered before[9].

Read more: Australia is considering a ban on cyber ransom payments, but it could backfire. Here's another idea[10]

In short, a blanket ban on all ransomware payments would be unlikely to stop cyber criminals from continuing their attacks. And the damage done to businesses and critical infrastructure could be severe. A legal ban from paying to recover their systems could mean small and medium businesses can’t recover.

O’Neil has previously stated she’s considering a ban[11] on ransom payments. The discussion paper demonstrates a more thoughtful approach.

It suggests the possibility of a distinction between different types of ransomware payment bans. For example, whether the government should prohibit payment to keep stolen data secret, versus payment to unlock a company’s hacked systems. It also asks whether, instead of banning companies from paying ransom, we should instead ban insurance payouts to businesses who fall victim.

2. Should the government be able to commandeer companies’ IT systems?

The Security of Critical Infrastructure Act was introduced in 2018 in response to the growing threat of attacks against the nation’s most important systems. It was more recently expanded to include a total of 11 sectors[12] from electrical grids and telecommunications, to education and data storage.

The act is specifically about securing the systems that our critical infrastructure run on.

But the discussion paper asks whether that should expand to include the personal data held on these systems, and to allow the Australian Signals Directorate to commandeer the IT systems of companies suffering from a hack.

While a seemingly small addition to the act, the inclusion of personal data and expanded Australian Signals Directorate powers could be reaching too far[13].

Specifically, it might include handing over citizens’ personal data held by the telecommunication and health sectors to the government.

What’s more, expansions to the act in 2021 and 2022 to include data storage means virtually any company could fall within its scope.

No specific details of how this potential change could work are included in the discussion paper, but it may be a step with severe consequences.

Anything else I should know?

The discussion paper also calls for simplifying regulations as a priority.

Australia’s data laws are spread across a range of acts: the Privacy Act, the Critical Infrastructure Act, the Telecommunications Act, the National Health Act, and the list goes on. Having the requirements spread out across so many acts makes it difficult for businesses to understand their obligations when it comes to cybersecurity.

What’s more, the paper clearly outlines the need to prioritise cybersecurity workforce training, both in technical and non-technical roles.

Australia has an estimated skills shortage of 30,000 cybersecurity professionals[14].

Read more: What skills does a cybersecurity professional need?[15]

The discussion paper has many suggestions that will likely be welcomed by industry, but clearly some questions raise concerns amongst industry professionals[16] about government overreach.

At the moment, these are just questions. And industry, government and education providers will have a chance to respond to these questions over the next six weeks before decisions are finalised. Hopefully, they’ll be heard.

References

  1. ^ Optus (theconversation.com)
  2. ^ Medibank (theconversation.com)
  3. ^ a discussion paper (www.homeaffairs.gov.au)
  4. ^ Albanese government to appoint Coordinator for Cyber Security, amid increasing threat to systems and data (theconversation.com)
  5. ^ Coordinator for Cyber Security (theconversation.com)
  6. ^ lack of prior policy or regulation (www.abc.net.au)
  7. ^ a third (www.theguardian.com)
  8. ^ replace drivers license ID numbers (www.abc.net.au)
  9. ^ one that I’ve covered before (theconversation.com)
  10. ^ Australia is considering a ban on cyber ransom payments, but it could backfire. Here's another idea (theconversation.com)
  11. ^ previously stated she’s considering a ban (au.finance.yahoo.com)
  12. ^ total of 11 sectors (www.cisc.gov.au)
  13. ^ reaching too far (www.afr.com)
  14. ^ 30,000 cybersecurity professionals (www.abc.net.au)
  15. ^ What skills does a cybersecurity professional need? (theconversation.com)
  16. ^ concerns amongst industry professionals (www.afr.com)

Read more https://theconversation.com/australia-has-a-new-cybersecurity-agenda-two-key-questions-lie-at-its-heart-200714

The Times Features

Understanding the Dangers of Ignoring a Gas Leak

Gas leaks are silent threats lurking within both homes and workplaces. A gas leak occurs when natural gas or any other gaseous substance escapes from a pipeline or containment. T...

Can You Sell Your House Privately in Queensland? Here’s How

Selling a house privately in Queensland is entirely possible and can be a cost-effective alternative to using a real estate agent. While agents provide valuable expertise, their co...

Itinerary to Maximize Your Two-Week Adventure in Vietnam and Cambodia

Two weeks may not seem like much, but it’s just the right time for travelers to explore the best of Vietnam and Cambodia. From the bustling streets of Hanoi to the magnificent te...

How to Protect Your Garden Trees from Wind Damage in Australia

In Australia's expansive landscape, garden trees hold noteworthy significance. They not only enhance the aesthetic appeal of our homes but also play an integral role in the local...

Brisbane Homeowners Warned: Non-Compliant Flexible Hoses Pose High Flood Risk

As a homeowner in Brisbane, when you think of the potential for flood damage to your home, you probably think of weather events. But you should know that there may be a tickin...

Argan Oil-Infused Moroccanoil Shampoo: Nourish and Revitalize Your Hair

Are you ready to transform your hair from dull and lifeless to vibrant and full of life? Look no further than the luxurious embrace of Argan Oil-Infused Moroccanoil Shampoo! In a...

Times Magazine

"Eternal Nurture" by Cara Barilla: A Timeless Collection of Wisdom and Healing

Renowned Sydney-born author and educator Cara Barilla has released her latest book, Eternal Nurture, a profound collection of inspirational quotes designed to support mindfulness, emotional healing, and personal growth. With a deep commitment to ...

How AI-Driven SEO Enhancements Can Improve Headless CMS Content Visibility

Whereas SEO (search engine optimization) is critical in the digital landscape for making connections to content, much of it is still done manually keyword research, metatags, final tweaks at publication requiring a human element that takes extensiv...

Crypto Expert John Fenga Reveals How Blockchain is Revolutionising Charity

One of the most persistent challenges in the charity sector is trust. Donors often wonder whether their contributions are being used effectively or if overhead costs consume a significant portion. Traditional fundraising methods can be opaque, with...

Navigating Parenting Arrangements in Australia: A Legal Guide for Parents

Understanding Parenting Arrangements in Australia. Child custody disputes are often one of the most emotionally charged aspects of separation or divorce. Parents naturally want what is best for their children, but the legal process of determining ...

Blocky Adventures: A Minecraft Movie Celebration for Your Wrist

The Minecraft movie is almost here—and it’s time to get excited! With the film set to hit theaters on April 4, 2025, fans have a brand-new reason to celebrate. To honor the upcoming blockbuster, watchfaces.co has released a special Minecraft-inspir...

The Ultimate Guide to Apple Watch Faces & Trending Wallpapers

In today’s digital world, personalization is everything. Your smartwatch isn’t just a timepiece—it’s an extension of your style. Thanks to innovative third-party developers, customizing your Apple Watch has reached new heights with stunning designs...

LayBy Shopping