iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Australia’s Cyber Security Bill is being pushed for “urgent” parliamentary approval, provided some small changes are made.
Last month, Minister for Cyber Security Tony Burke proposed Australia’s first standalone cyber security legislation, which would introduce mandatory reporting for those who paid threat actors ransom, minimum cyber security standards for smart devices, and the establishment of a Cyber Incident Review Board, all as part of seven sections of the 2023–2030 Australian Cyber Security Strategy.
“The creation of a Cyber Security Act is a long-overdue step for our country and reflects the government’s deep concern and focus on these threats,” Minister Burke told media last month.
“This legislation ensures we keep pace with emerging threats, positioning individuals and businesses better to respond to and bounce back from cyber security threats.
“To achieve Australia’s vision of being a world leader in cyber security by 2030, we need the unified effort of government, industry and the community.”
Now, the parliamentary joint committee on intelligence and security (PJCIS) has said it “supports the urgent passage” of the Cyber Security Bill as improving the nation’s cyber security standing and cyber resilience is an “urgent priority”.
“The committee recognises that hardening Australia’s cyber resilience and implementing the 2023–2023 Australian Cyber Security Strategy is an urgent priority of the government and this Parliament,” said PJCIS chair Senator Raff Ciccone.
“Noting the extensive consultation process that the Department of Home Affairs has already conducted – and subject to implementation of the recommendations in this report – the committee supports the urgent passage of the legislative package.”
Within its request for the bill to be quickly passed, the PJCIS has also requested some amendments to the bill, most notably with the proposed ransomware reporting obligations.
“The committee recommends that the Cyber Security Bill 2024 be amended to ensure that the proposed ransomware reporting obligations apply only to the extent that a ransomware incident relates to the reporting business entity’s operations in Australia,” said the PJCIS.
It also requested that the limitations placed on the National Cyber Security Coordinator for the use and sharing of ransom payment reports be defined more clearly and that “ransomware reporting mechanisms are as user friendly and accessible as possible” to entice businesses to report voluntarily.
Additionally, the PJCIS requested that the bill, as well as the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024, be amended to ensure clarity that disclosing ransom payments through reporting “does not amount to a subsequent waiver of legal professional privilege, and the provisions do not limit or affect any right, privilege or immunity that the reporting entity has in respect to any proceedings”.
Be the first to hear the latest developments in the cyber industry.
