Share this article on:
Earlier this week, Clare O’Neil MP was sworn in as minister for home affairs and cyber security. Cyber Security Connect’s sister brand, Lawyers Weekly, subsequently spoke with senior lawyers specialising in cyber matters about what is needed for their clients in the coming term of Parliament.
O’Neil – who was sworn in alongside the new attorney-general, Mark Dreyfus QC (following Senator Katy Gallagher’s interim stint in the role) – succeeds former minister Karen Andrews in the cabinet portfolio.
Given the “severe financial and reputational consequences” that cyber attacks can have on business – most notably as seen in a recent Federal Court judgment – and following comments from the UK Attorney-General about the legal justification for defensive cyber attacks against hostile countries, lawyers working in the cyber security space are keen to know how the Albanese government will respond to such concerns in the new term of Parliament.
This is especially pertinent, Herbert Smith Freehills partners Christine Wong, Cameron Whittfield and Peter Jones said, given that we “remain in the eye of a perfect storm”.
“We continue to face a highly complex and dynamic threat landscape. We also have an increasingly complex regulatory landscape impacting Australian businesses that are proving challenging to secure,” the trio told Lawyers Weekly.
“While we are seeing cyber issues become a regulatory priority (they are certainly a key business risk), we are still operating in an environment that lacks certainty around ‘what constitutes good practice’. These issues are consistent across the global landscape.”
The recent RI Advice case is a good example, Wong, Whittfield and Jones went on, where the Federal Court did not provide the judicial guidance they were hoping for (largely given the manner in which that case settled, they added).
“It is very encouraging to see the new government prioritise cyber and make this a key ministerial portfolio. We would like to see the government assist in ‘simplifying’ the cyber regulatory landscape and providing clear guidance to corporate Australia (from small/medium businesses through to large, listed entities) on best practice,” they espoused.
“The Australian government has an opportunity to lead in this space, as it did with the critical infrastructure reforms. Many of the laws in place now are agile enough to manage cyber risks, but we believe clear and practical guidance will go a long way to facilitating cyber resilience uplift across the board. We are only as strong as our weakest link, so it is in everyone’s interest to ‘lift the tide’.”
Allens partner Valeska Bloch said that in order for lawyers such as herself to better support clients, Minister O’Neil needs to prioritise two things: cyber readiness and incident response.
On the former, Bloch said that “given that so many regulators now want to regulate cyber security and incident response activities, greater alignment/standardisation of expectations and audits between regulators”.
On the latter, she said that “in the midst of responding to a cyber crisis would benefit from more streamlined interaction with government agencies. There will be benefit in building a greater understanding of how Home Affairs and relevant government agencies (e.g. the ACSC), law enforcement (including JPC3 and state cyber crime units) and regulators (potentially the OAIC, APRA, ASIC, FIRB etc) intend to coordinate (on their end) their engagement with (and support of) organisations affected by a major cyber incident, so as to minimise the touchpoints for organisations when they are in the heat of a crisis and a lot of urgent issues to tend to”.
Elsewhere, Clyde & Co partner Alec Christie said there is a need for “real and meaningful” consultation with industry and stakeholders under the new government.
That is, he said, “not having two weeks to make comments on draft legislation (to which industry has had no prior input)”.
Moreover, Christie went on, “an overarching approach to assist uniformity and consider how best to achieve the goals with the least complication and complexity (i.e. not new regulation for regulations’ sake … can we use adapt a regulation we already have)”.
“Privacy and cyber regulation should not be so complicated that only a few know what their obligations are and how to implement them,” he submitted.
Clyde & Co principal Chris Mclaughlin supported this, arguing for new apprenticeship schemes for cyber, for those who do not attend university. He also suggested the creation of a “broad cyber security advisory board, beyond the usual suspects that get included”, as well as simplified and broader access to cyber threat intelligence.
[Related: New ‘earn as you learn’ program set to fast-track 1.2k cyber security careers]