The Australian government has introduced new cyber security laws. Here’s what you need to know

GL October 9, 2024
The Australian government has introduced new cyber security laws. Here’s what you need to know

gerardaskes/Shutterstock

The Albanese government today introduced long-awaited legislation to parliament which is set to revolutionise Australia’s cyber security preparedness.

The legislation, if passed, will be Australia’s first standalone cyber security act. It’s aimed at protecting businesses and consumers from the rising tide of cyber crime.

So what are the key provisions, and will it be enough?

What’s in the new laws?

The new laws have a strong focus on victims of “ransomware” – malicious software cyber criminals use to block access to crucial files or data until a ransom has been paid.

People who pay a ransom do not always regain lost data. The payments also sustain the hacker’s business model.

Under the new law, victims of ransomware attacks who make payments must report the payment to authorities. This will help the government track cyber criminal activities and understand how much money is being lost to ransomware.

The laws also involve new obligations for the National Cyber Security Coordinator and Australian Signals Directorate. These obligations restrict how these two bodies can use information provided to them by businesses and industry about cyber security incidents. The government hopes this will encourage organisations to more openly share information knowing it will be safeguarded.

Separately, organisations in critical infrastructure – such as energy, transport, communications, health and finance – will be required to strengthen programs used to secure individuals’ private data.

The new legislation will also upgrade the investigative powers of the Cyber Incident Review Board. The board will conduct “no-fault” investigations after significant cyber attacks. The board will then share insights to promote improvements in cyber security practices more generally. These insights will be anonymised to ensure the identities of victims of cyber attacks aren’t publicly revealed.

See also  Australia's yellow international arrival cards are getting a COVID-era digital makeover. Here are 5 key questions

The legislation will also introduce new minimum cyber security standards for all smart devices, such as watches, televisions, speakers and doorbells.

These standards will establish a baseline level of security for consumers. They will include secure default settings, unique device passwords, regular security updates and encryption of sensitive data.

This is a welcome step that will ensure everyday devices meet minimum security criteria before they can be sold in Australia.

A long-overdue step

Cyber security incidents have surged by 23% in the past financial year, to more than 94,000 reported cases. This is equivalent to one attack every six minutes.

This dramatic increase underscores the growing sophistication and frequency of cyber attacks targeting Australian businesses and individuals. It also highlights the urgent need for a comprehensive national response.

High-profile cyber attacks have further emphasised the need to strengthen Australia’s cyber security framework. The 2022 Optus data breach is perhaps the most prominent example. The breach compromised the personal information of more than 11 million Australians, alarming both the government and the public, not to mention Optus.

Cyber Security Minister Tony Burke says the Cyber Security Act is a “long-overdue step” that reflects the government’s concern about these threats.

Prime Minister Anthony Albanese has also acknowledged recent high-profile attacks as a “wake-up call” for businesses, emphasising the need for a unified approach to cyber security.

The Australian government wants to establish Australia as a world leader in cyber security by 2030. This goal reflects the government’s acknowledgement that cyber security is fundamental to national security, economic prosperity and social well being.

See also  'Killer robots' will be nothing like the movies show – here's where the real threats lie

Broader implications

The proposed laws will enhance national security. But they could also present challenges.

For example, even though the laws place limitations on how the National Cyber Security Coordinator and Australian Signals Directorate can use information, some businesses might still be unwilling to share confidential data because they are worried about damage to their reputation.

Businesses, especially smaller ones, will also face a substantial compliance burden as they adapt to new reporting requirements. They will also potentially need to invest more heavily in cyber security measures. This could lead to increased costs, which might ultimately be passed on to consumers.

The proposed legislation will require careful implementation to balance the needs of national security, business operations and individual privacy rights.

The Conversation

David Tuffley does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

Related posts:

  1. The government’s encryption laws finally passed despite concerns over security Law enforcement agencies can force access to your encrypted systems. Flickr/Kārlis Dambrāns, CC BY After......
  2. Albanese government to appoint Coordinator for Cyber Security, amid increasing threat to systems and data Shutterstock The federal government is further stepping up its efforts to improve Australia’s protection against......
  3. An expert reviews the government’s 7-year plan to boost Australia’s cyber security. Here are the key takeaways After lengthy deliberation, the Australian government has released its 2023–2030 Cyber Security Strategy, which aims......
  4. Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player MICK TSIKAS/AAP In the 2022 federal budget, Treasurer Josh Frydenberg launched a range of vote-winning......
  5. Facebook or Twitter posts can now be quietly modified by the government under new surveillance laws Shutterstock A new law gives Australian police unprecedented powers for online surveillance, data interception and......
  6. The US navy is still more powerful than China’s: more so than the Australian government is letting on The federal Labor government today used the ALP national conference to address internal dissent over......
See also  Lockdown: mobile data suggests Europeans may not have followed rules as strictly in the second wave

More Stories

We’ve worked out a way of understanding how microbial communities shape life on Earth

We’ve worked out a way of understanding how microbial communities shape life on Earth

GL October 7, 2024
As Yelp turns 20, online reviews continue to confound and confuse shoppers

As Yelp turns 20, online reviews continue to confound and confuse shoppers

GL October 4, 2024
Is your car a threat to national security? It can be – regardless of where it’s made

Is your car a threat to national security? It can be – regardless of where it’s made

GL October 2, 2024

You may have missed

Beat Saber: Britney Spears Music Pack launches today, features 11 songs

Beat Saber: Britney Spears Music Pack launches today, features 11 songs

GL October 9, 2024
Microlearning Formats: A Guide For L&D Professionals

9 Microlearning Formats: A Guide For L&D Professionals

GL October 9, 2024
Metaphor: ReFantazio - a sublime game let down by bizarre technical choices

Metaphor: ReFantazio – a sublime game let down by bizarre technical choices

GL October 9, 2024
Call of Duty: Black Ops 6 Campaign – The Story So Far Pt. 1

Call of Duty: Black Ops 6 Campaign – The Story So Far Pt. 1

GL October 9, 2024
Until Dawn Review

Until Dawn Review

GL October 9, 2024