Share this article on:
The government is looking to address the fear of regulatory punishment faced by breached organisations and encourages them to engage with cyber agencies.
According to Deputy Prime Minister and Minister of Defence Richard Marles, some form of “safe harbour” for breached organisations will give them the confidence to reach out to cyber agencies and watchdogs in the event of a cyber incident.
Marles said that the dilemma is that organisations that face a cyber attack need the best advice they can get and that the expert on the subject is the Australian Signals Directorate (ASD).
However, organisations fear that if they disclose a cyber attack to the ASD, they risk facing punishment for other things found in their systems.
“The Australian Signals Directorate is really our expert here,” said Marles.
“Their ability to come in in the moment, to be able to look at the systems, to be able to understand what’s going on is really critical.
“I can understand why companies in that instance want to make sure that whatever ASD comes across is not ultimately then the subject of what any other agency in government might do.”
Marles alluded the safe harbour would prevent company information from being shared with other government agencies.
“This is an issue we are making sure that we get right and will form part of the [government’s] cyber strategy that we announce later in the month,” Marles told the ABC’s AM current affairs.
“If you’re a company and you’re in the midst of a cyber attack, you need the best advice you can get, and the Australian Signals Directorate is our expert here.
“That safe harbour concept is a concept we need to see pursued.
“We need to be building the greatest possible confidence that we can, for companies to interact with [the] ASD in the moment when the attack is happening.”
At the time of writing, there has been no news of official discussion of safe harbour legislation, but Marles said it is “absolutely an area that [the government is] going to examine very carefully.
Marles’ comments come just as the ASD releases its annual Cyber Threat Report, which found that cyber crime reporting has grown by almost a quarter (23 per cent) year on year, meaning an average of 300 reports a day, or 94,000 for the financial year.