Share this article on:
Telecommunication companies may soon be classed as critical infrastructure under new legislation, following a major Optus outage last week.
Minister for Home Affairs and Cyber Security Clare O’Neil has said that telcos could soon be covered under the Security of Critical Infrastructure Act (SoCI), which lays out the framework that critical infrastructure operators are required to follow to ensure risks relating to data theft, foreign interference and national security are managed.
Minister O’Neil said that telcos need to be better regulated and that Optus’ almost full-day outage and its massive cyber attack last year have provided the nation with a much-needed wake-up call.
“There’s no question in my mind that when we came to government, telcos weren’t being properly regulated,” said Minister O’Neil in an interview with ABC’s AM current affairs.
“They should always have been subject to strict cyber requirements.”
The SoCI Act lays out a number of obligations that, if new legislation is introduced, would apply to telcos.
This includes the register of critical infrastructure assets, the use of government assistance measures and cyber security incident reporting.
“We are setting tough new laws for our telecommunications companies to make sure that these companies are properly protecting the cyber security of Australian citizens and their data,” added Minister O’Neil.
While Optus has since returned to normal operations and revealed that the cause of the outage was bad route data provided by a third-party international peering network, the incident has raised alarm bells.
One major concern is the lack of compensation for customers affected by the breach. While Optus has said it is providing its post-paid customers with 200 gigabytes of additional data and its pre-paid customers with free data on weekends for the rest of the year, the Senate has raised concerns about the lack of financial compensation for those who have suffered losses as a result of the outage.
According to the Telecommunications Industry Ombudsman (TIO), those affected can receive compensation.
For those making claims of financial loss, the TIO can direct a telco to provide up to $100,000 in compensation, with claims greater than that recommended to engage in legal action.
Those whose complaints concern privacy rights can also be awarded up to $100,000, while other issues have a maximum compensation of $1,500.
About 10.2 million customers and a large number of organisations were affected by the outage, including over 40 hospitals.
“We apologise sincerely for letting our customers down and the inconvenience it caused,” the telco said.