Government introduces landmark cybersecurity legislation
Last week the Australian Government announced the introduction of Australia’s first standalone Cyber Security Act.
With a heightened geopolitical and cyberthreat environment, placing pressure on Australia’s collective cyber resilience and security, the government sees the protection of Australia’s cybersecurity and critical infrastructure as vital to national security and economic stability.
The Cyber Security Legislative Package will implement seven initiatives under the 2023–2030 Australian Cyber Security Strategy, addressing legislative gaps to bring Australia in line with international best practice and take the next step to ensure Australia is on track to become a global leader in cybersecurity.
These measures will address gaps in current legislation to:
- mandate minimum cybersecurity standards for smart devices
- introduce mandatory ransomware reporting for certain businesses to report ransom payments
- introduce a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD)
- establish a Cyber Incident Review Board.
The package will also progress and implement reforms under the Security of Critical Infrastructure Act 2018 (SOCI Act). These reforms will:
- clarify existing obligations in relation to systems holding business-critical data
- enhance government assistance measures to better manage the impacts of all hazards incidents on critical infrastructure
- simplify information sharing across industry and government
- introduce a power for the government to direct entities to address serious deficiencies within their risk management programs
- align regulation for the security of telecommunications into the SOCI Act.
The government says the measures in the legislation were informed by an extensive consultation process, including the release of the Cyber Security Legislative Reforms Consultation Paper in December 2023 and targeted consultation on an Exposure Draft package in September 2024.
The government hopes a unified effort of government, industry and the community will ensure Australia is well positioned to prevent and respond to emerging threats and protect our cyber environment and critical infrastructure into the future.
Austroads' Digital Trust Service positioned for scalable expansion
Austroads' Digital Trust Service can be used to authenticate mobile driver licences issued by...
Home Affairs opens consultation on Zero Trust culture
The Department of Home Affairs has released a consultation paper on embedding a Zero Trust...
Macquarie Government deploys SASE for federal agency
Macquarie Government has expanded its partnership with Netskope following its deployment of the...