Share this article on:
Sapien Cyber has welcomed the passage of the latest legislation to protect the nation’s critical infrastructure (CI), saying businesses have nothing to fear from requirements to install monitoring software.
According to Michael Counsel, Sapien Cyber’s chief technology officer, the CI legislation provided an important framework for protecting Australians from cyber attacks that have caused widespread disruption, injury and even deaths around the world.
There have been some industry fears over a provision that owners of critical infrastructure may be instructed to install software that reports data back to the Australian Signals Directorate (ASD), but Counsel asserts responsible businesses have nothing to fear.
“Government is ultimately responsible for protecting the community from major attacks and this provision is a reasonable safety net that allows it to step in if the private sector is not doing enough.
“It is a backstop provision – the government will only step in if those organisations are not doing the right thing in protecting the infrastructure that underpins our day-to-day lives.
“What businesses need to understand is this is not the default measure.
“If you don’t want the government meddling in your business, all you have to do is make sure you’ve got the right cyber security and safeguards in place,” Counsel said.
Unlike the Patriot Act, the CI legislation gives businesses the choice to act first and avoid unnecessary government interference and access to their commercially sensitive data.
Businesses must act wisely, Counsel further explained, meaning that focusing on building up sovereign capability, ensuring their security systems are Australian owned and operated, and limiting the exposure of critical operations to insecure or unknown international parties. The CI legislation is very much like the Patriot Act introduced in the United States in the wake of the 11 September terrorist attacks v but with an important element of choice for business.
“In the wake of 9/11, the US introduced the Patriot Act to allow security agencies to access the data systems of any organisation on US soil to monitor for and prevent further terrorist attacks.
“It was a blunt instrument responding to community calls for strong action in the wake of thousands of deaths.
“Cyber attack is the new front for terrorists and other parties wanting to cause widespread disruption,” Counsel added.
An attack on critical infrastructure has a similar potential to cause widespread disruption, injury and even death, Counsel continued, and it is absolutely essential that government and businesses work together to protect us from this impact.
“Let’s be clear, if we had a 9/11-scale cyber attack in Australia, the community would be clamouring for stronger government powers to monitor and protect our critical infrastructure.
“The CI legislation takes us in the right direction but with the benefit of learning some important lessons in the 21 years since September 11,” Counsel concluded.
[Related: Coca-Cola alleged victim of cyber attack by Stormous hacking gang]