Australia’s first standalone cybersecurity law makes reporting of ransom payments mandatory
Australia is set to introduce mandatory reporting of ransom payments and new standards for smart devices under new legislation that will allow the government to “keep pace with emerging threats”.
Australian Cyber Security Minister Tony Burke is today (Wednesday, October 9, 2024) set to propose new legislation to the lower house that would result in the country’s first stand-alone cybersecurity law.
The new legislation will introduce mandatory reporting for those who have paid ransom to malicious actors, minimum cybersecurity standards for smart devices and the creation of a Cyber Incident Review Board, all under seven sections of the Australian Cyber Security Strategy 2023-2030.
“The creation of a cybersecurity law is a long overdue step for our country and one that reflects the government’s deep concern and focus on these threats,” Burke told media.
“This legislation ensures we keep pace with emerging threats, putting individuals and businesses in a better position to respond and rebound from cybersecurity threats.
“To achieve Australia’s vision of becoming a global leader in cybersecurity by 2030, we need a unified effort from government, industry and the community.”
A key driver of the new legislation is the introduction of ‘limited use’ or ‘safe harbor’ legislation, which will encourage organizations to come forward after a cyber attack and share details with government agencies by limiting the use of the shared information to supporting the organization and developing strategies to mitigate cyberattacks in the future.
The government will not be able to immediately use the information shared for regulatory purposes against the organization.
Furthermore, the cybersecurity law would introduce a new government power that would require critical infrastructure operators to address major flaws in their risk management programs. These include organizations in the defense industry, financial markets, transportation, utilities such as electricity and water, grocery, and communications.
The power could force companies to hand over information to the government or see the minister direct the actions of critical infrastructure providers when they face a major cyber incident.
Furthermore, the regulation of telecommunications security will be moved within the framework of the Security of Critical Infrastructure (SOCI) Act.
In 2022-2023 alone, the Australian Signals Directorate (ASD) said it responded to 143 incidents “committed by entities that identified themselves as critical infrastructure”, a dramatic increase from the 95 reported in previous years.
Additionally, the Australian Cyber Security Centre (ACSC) said that during the same period, Australia experienced 94,000 reports of cyberattacks, or one every six minutes.