Australia looks to improve cyber resilience
Australia is preparing a set of strict cybersecurity laws to improve its defenses against “nation state adversaries and criminal actors,” according to James Paterson, committee chair for the Parliamentary Joint Committee on Intelligence and Security (PJCIS).
The legislation would increase protection for what the country determines as its national infrastructure assets across 11 sectors, including telecoms networks, electricity grids, water, and sewerage, alongside financial services, defence, and healthcare organizations[1].
As part of the process to increase protection, the organizations may need to install third-party software. However, this move has drawn criticism by some that suggest this would actually introduce further security risks into critical organizations.
Therefore, further consultation has been recommended with representatives of critical industries, employee representative bodies and trade unions to discuss the risk management programmes of the potential laws[2].
In the current environment, with the increased risk of cyberattacks due to the conflict in Ukraine, stepping up the protection of those organizations critical to national infrastructure and enshrining this protection in law is a positive step. It is of course also important that the laws do not negatively impact upon the operations of the organizations.
Australia has also announced its biggest ever spend on cybersecurity in its 2022 Budget, with a $9.9bn pledge to double the size of the Australian Signals Directorate. The funds will also reportedly triple the government agency’s offensive cyber capabilities and create 1900 new jobs over the next decade.
From these moves, we can see how the risk of cyberattacks is moving up the agenda on the international stage and how organizations, particularly those providing critical services, will need to be aware of and adhere to new laws and practices to counter the threat.
[1] https://www.ft.com/content/e552819e-e3ea-47a9-ad5e-bf826481fd33
[2] https://www.zdnet.com/article/pjcis-supports-passage-of-second-tranche-of-critical-infrastructure-cyber-laws/