Tuesday, 23 November 2021 11:19

Govt ignores industry protests, passes critical infrastructure bill

By Sam Varghese

Image by Gerd Altmann from Pixabay

The Federal Government has ignored the pleas of technology industry bodies and passed a bill that will enable it to take control of private infrastructure as a last resort in the event of a cyber attack.

The Security Legislation Amendment (Critical Infrastructure) Bill 2020 was passed by the Senate on Monday night, with both the major parties backing it.

The Greens dissented, terming the bill a “greedy little power grab” which did not have the backing of key stakeholders.

After the bill was examined by the Parliamentary Joint Committee on Intelligence and Security, it said, on 30 September, that the legislation should be split up into two, in order to pass what it characterised as "urgent reforms".

The PJCIS said it had made 14 recommendations about the bill, including that it be split into two parts:

"Bill One for rapid passage – to expand the critical infrastructure sectors covered by the Act, introduce government assistance measures to be used as a last resort in crisis scenarios as well as mandatory reporting obligations; and

"Bill Two for further consultation – including declarations of systems of national significance, enhanced cyber-security obligations and positive security obligations which are to be defined in delegated legislation."

Last month, lobby groups the Information Technology Industry Council, the Australian Information Industry Association and the Cybersecurity Coalition wrote to Home Affairs Minister Karen Andrews, saying that while their members shared the government's commitment to protecting critical infrastructure against cyber threats, the bill remained "highly problematic and largely unchanged despite extensive feedback from our organisations".

"We are disappointed by the recent report... which recommended that the elements of the bill which caused the most concern for industry stakeholders — namely the government assistance powers granted under Part 3A and incident reporting obligations — be fast-tracked and pushed through as a separate bill, without further public consultation," the three organisations said.

The law greatly increases the number of sectors that it covers, to include communications, financial services, data storage and processing, defence industry, higher education and space technology.

Companies in these sectors would have to compulsorily report to the government if they suffered cyber attacks. They would also have to allow government security experts to step in and do whatever was deemed necessary to stop an attack progressing.

This power is similar to what the FBI exercised in April this year, when it accessed servers to clean up the mess left by attacks on on-premise Microsoft Exchange Server installations.

This was done after obtaining court orders to access hundreds of vulnerable machines in the US and remove Web shells.

But the Australian bill does not require any court order for intelligence agencies to act in this manner.

Scott McKinnel, ANZ country manager for security shop Tenable, said the bill that had passed was an important step forward in protecting the Australian way of life.

"The extension of its definition, from four sectors to a further 11, is key because as we've seen recently, attacks on any of these environments can have dire consequences," he said.

"Many facilities are increasingly interconnecting their operational technology and IT networks to drive innovation. However, they are in desperate need of physical updates because many of these industrial control systems were not built with security in mind. This leaves them vulnerable to attacks which can quite literally shut down operations and trickle into the supply chain.

"While we still have concerns surrounding mandated government assistance powers granted in the Bill, one possible way around this would be for industry to install their own monitoring software that meets government standards instead and share the resulting data with the appropriate government entities.

"Greater emphasis on international collaboration, assessment of risk and collaborative incident response capabilities to tackle the ever-evolving threats can go a long way in bolstering the ability of industry and governments to prevent the most advanced attacks. It's equally critical that security requirements are grounded in consensus-based international standards to ensure alignment with global best practices.

"If recent critical infrastructure attacks have taught us anything, it's that incidents don't only affect the business, the implications are felt society-wide. When it comes down to it, neither government nor industry can tackle this challenge alone, it takes collaboration and co-operation from both sides."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
