Today (25 November), the Albanese government passed Australia’s first standalone Cyber Security Act.
The act, launched as part of the 2023–2030 Australian Cyber Security Strategy, aims to address gaps in Australia’s cyber resilience and move towards the government’s goal of making Australia the most cyber secure country in the world.
“The Australian government is delivering on its commitment to secure Australia’s cyber environment and protect our critical infrastructure,” said Minister for Cyber Security Tony Burke.
“The government has passed into law Australia’s first standalone Cyber Security Act, a key pillar in our mission to protect Australians from cyber threats.
“This package forms a cohesive legislative toolbox for Australia to move forward with clarity and confidence in the face of an ever-changing cyber landscape.”
The Cyber Security Act will execute seven initiatives first introduced under the Cyber Security Strategy.
Most notable is the introduction of the “limited use” obligation, which will outline restrictions on how the Australian Signals Directorate (ASD) and the National Cyber Security Coordinator can use information shared by organisations that have suffered a cyber attack, potentially protecting those organisations from being punished and encouraging them to report incidents.
“Close cooperation between government and industry is one of our best defences against malicious cyber activity. In the wake of a cyber security incident, businesses need to know that they can call on government to quickly get the support they need,” said Minister Burke.
“The Cyber Security Act marks an important step in bringing Australia’s cyber laws into the 21st century.”
Certain organisations will also be required to report when they pay a ransom to threat actors, allowing cyber professionals to better understand how threat actors operate.
Additionally, the legislation will allow for the cyber security minister to set cyber security standards for smart devices to guide Australians on buying more secure devices and will see a Cyber Incident Review Board (CIRB) established to “conduct no-fault, post-incident reviews” of major, high-profile cyber security incidents and make recommendations to deal with future incidents.
The Security of Critical Infrastructure Act 2018 (SOCI) will also be reformed to simplify the sharing of information between government and industry, bring the regulation of telcos into the act, expand the government’s last resort powers so that it can better deploy aid in the event of a critical infrastructure cyber attack, and allow the government to direct entities to deal with major flaws in their risk management programs.