Wednesday, 20 October 2021 17:25

Govt snubs tech industry, re-introduces cut-down emergency powers bill Featured

By
Govt snubs tech industry, re-introduces cut-down emergency powers bill Image by ds_30 from Pixabay

In what is a snub to the technology industry at large, the Coalition Government has re-introduced the Security Legislation Amendment (Critical Infrastructure) Bill 2020 into parliament for a second reading, not long after three major tech industry bodies urged a significant revision of the bill before it is voted on.

But the government has ignored this plea and followed the advice of the Parliamentary Joint Committee on Intelligence and Security which, on September 30, recommended that the bill be split in order to pass what it characterised as "urgent reforms".

The PJCIS made 14 recommendations about the bill, including that it be split into two parts, saying:

"Bill One for rapid passage – to expand the critical infrastructure sectors covered by the Act, introduce government assistance measures to be used as a last resort in crisis scenarios as well as mandatory reporting obligations; and

"Bill Two for further consultation – including declarations of systems of national significance, enhanced cyber-security obligations and positive security obligations which are to be defined in delegated legislation."

Last Thursday, the Information Technology Industry Council, the Australian Information Industry Association and the Cybersecurity Coalition wrote to Home Affairs Minister Karen Andrews, saying that while their members shared the government's commitment to protecting critical infrastructure against cyber threats, the bill remained "highly problematic and largely unchanged despite extensive feedback from our organisations".

The bill expands greatly the sectors covered by the law, adding communications, financial services, data storage and processing, defence industry, higher education and space technology.

Companies which operate in these sectors would have to compulsorily report to the government if they suffered cyber attacks and also allow government security experts to step in and do what whatever was deemed necessary to stop an attack progressing.

This power is similar to what the FBI exercised in April this year, when it accessed servers to clean up the mess left by attacks on on-premise Microsoft Exchange Server installations.

But the FBI only acted after obtaining court orders; it then accessed hundreds of vulnerable machines in the US and removed Web shells.

The Australian bill does not require any court order for intelligence agencies to act in this manner.

Technology firms have pointed out, during the PJCIS hearings, that government intervention of this kind could often make matters worse. But that appears to have fallen on deaf ears.

The Opposition Labor Party backed the bill, with its defence spokesman, Brendan O'Connor, saying on Wednesday: "In supporting this legislation, Labor is relying upon the intention stated in the bill and as given by the department and indeed by agency heads – that these powers will only be used as a last resort.

"With that in mind, it is very important to emphasise that the PJCIS will be notified and briefed each and every time the government enacts this power and will conduct a full review of the legislation when additional critical infrastructure reforms are introduced by government.

"In evidence provided to the committee, witnesses overwhelmingly indicated their willingness to co-operate with the Australian Signals Directorate."

Vince Connelly, the Liberal member for Stirling in Western Australia, expectedly backed the bill, saying: "Entities will also now be required to report cyber security incidents to the ASD, which will enable the latter to build a better picture of the threat environment surrounding Australia's critical infrastructure.

"This, in turn, will allow government to provide better advice and assistance to entities about how they can safeguard critical infrastructure. The public expects the Australian Government will protect the nation if a cyber incident affects Australia's critical infrastructure and results in serious threats to Australia's interests.

"Even if a critical infrastructure entity is doing all it can to protect itself and the services that it provides, we recognise that there are some threats that are beyond the capabilities of critical infrastructure operators themselves to mitigate."

Labor's Tim Watts, the shadow assistant minister for Communications and Cyber security, cited comments made by an Amazon Web Services representative during the PJCIS hearings, pointing out that a company representative had said, "... there is a deeper underlying assumption in the entire bill here that seems to be this: if something bad happens to a critical piece of Australia's infrastructure, then the government is capable of stepping in and fixing that bad thing. In many instances, we think there's a really big risk of the government stepping in and misunderstanding how the regulated entity operates, and maybe making things worse—so creating more or new problematic security incidents than are at risk in the process."

He also referred to comments made by a Microsoft representative during the hearings: "Microsoft explained the risk of installing foreign software on a network and said: 'Doing so in the context of the data storage or processing sector with hyperscale cloud providers – these are interdependent systems. They will introduce vulnerabilities. We think it's going to potentially be a source of substantial third-party risk that we may have to mitigate for from the government if there is uncertainty on how these powers may be used'."

Watts referred to what Google had said during the hearings as well: "Similarly, representatives of Google said: 'What we need is information and collaboration, because the only software that's safe to operate in a Google or hyperscale cloud environment is our software and our systems that have been tested and vetted'."

However, Watts did not raise any objection to the passage of the bill.


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments