The proposal is one of a raft of ideas in a discussion paper issued to kick off a parliamentary enquiry into proposed changes to the telecommunications interception regime, telecommunications sector security and government intelligence agency legislation. The enquiry is being undertaken by the Parliamentary Joint Committee on Intelligence and Security.
Among other things, "The Committee will consult on measures to address security risks posed to the telecommunications sector, and whether the Government needs to institute obligations on the Australian telecommunications industry to protect their networks from unauthorised interference."
According to the enquiry's terms of reference, the Government is seeking the committee's views on amending the Telecommunications Act to address security and resilience risks posed to the telecommunications sector.
This would be achieved by instituting obligations on the telecommunications industry to protect their networks from unauthorised interference and to provide Government with information on significant business and procurement decisions and network designs.
The Government would also be given power to direct telcos to mitigate and remediate security risks, with the telcos bearing the cost of doing so. There would be enforcement powers and pecuniary penalties for failure to comply with any new legislation.
The Government view, as set out in the discussion paper, is that the industry is not fully cognisant of the security risks, and that action is needed urgently.
"Government is concerned that the telecommunications industry is not fully informed about national security risks and is therefore not equipped to respond adequately to these risks," it says. "Australia is at a critical stage of telecommunications infrastructure development driven by the NBN's construction. Delaying action to make [carriers and carriage service providers] aware of managing national security risks will complicate long term management decisions made on the design and procurement of major telecommunications infrastructure, with potential negative impacts on national security."
The Government is proposing a framework for ensuring compliance with any new regime that would require telcos "to be able to demonstrate competent supervision and effective controls over their networks." Such an approach would focus on the ability of a telco to manage the security of its infrastructure and the information held on it.
Under such a regime the Government would provide guidance to assist industry to understand and meet its obligation, and would inform telcos how they can maintain competent supervision and effective control over their networks.
"Provision of general security advice, briefings and the development of guidance would be intended to be an ongoing, iterative process conducted in cooperation with industry, which would reflect evolving technologies and markets," the paper says.
Whatever new security obligations are put in place, they would apply to existing and new infrastructure, and the Government "recognises that it would need to work closely with industry to ensure that there is a reasonable transition period," the paper says.
Furthermore, "Government recognises that a regulatory framework would include a cost to industry, which may increase prices for consumers and it is working to understand these costs through targeted consultation."
The committee is now accepting submissions and will hold public hearings on dates and in locations yet to be determined. Submissions are due by 6 August.