As part of the nation’s cyber security strategy, the Department of Home Affairs has announced that it will be establishing a Cyber Incident Review Board.
The board will mimic the design of other international and domestic agencies, such as the US Cyber Safety Review Board, and will be responsible for running investigations into major cyber attacks in an effort to gain a better understanding of how to defend the nation from threat actors.
These investigations will be classed as “no-fault”, meaning they aren’t designed to call out or prosecute a breached organisation but purely to collect information and better Australia’s cyber defences.
For this, the new laws will limit the amount of information accessible by other government entities after it is shared with the National Cyber Security Coordinator and the Australian Signals Directorate.
“When a cyber incident occurs, every moment matters. That’s why we are making it easier for businesses to get the advice and support they need,” said Minister for Home Affairs and Cyber Security Clare O’Neil.
“And we need to capture lessons learned from cyber attacks so that we can strengthen our national defences and stay ahead of the threat.
“That’s why we will work with industry to establish a Cyber Incident Review Board. It will run no-fault investigations into major cyber incidents to understand how we can reinforce Australia’s national cyber shields.
“Insights and lessons learned from these investigations will be shared with the business community, the wider public, and will be used to improve our country’s cyber resilience.”
Following the investigation, post-incident reports will be generated and then shared publicly and fed into “national threat intelligence-sharing and blocking networks, cyber awareness programs and national cyber exercises”.
Minister O’Neil adds that the board will work with industry to make reporting and getting assistance following a cyber breach much quicker, all as part of the department’s goal of making Australia the most cyber secure nation in the world by 2030.
The announcement of “no-fault” investigations comes as the government looks to prevent the fear of legal consequences deterring organisations from reporting cyber attacks.
In addition to the new board, the government has answered calls for a “legal safe harbour” for breached organisations, with Minister O’Neil telling The Weekend Australian that such a harbour will become legal for “limited use” in the future.
The calls for a safe harbour ignited last week when Deputy Prime Minister and Minister of Defence Richard Marles recommended that some form of safe harbour for breached organisations would give them the confidence to reach out to cyber agencies and watchdogs in the event of a cyber incident.