Australia’s leading cyber spies will have more options in the event of ransomware or other cyber attacks on critical infrastructure.
The Australian Signaling Authority (ASD), the regulatory body responsible for cyber warfare and information security, will be able to take control of critical infrastructure, including energy, telecommunications and banking systems, under new legislation submitted to Parliament.
The legislation even includes health services and grocery activities in the definition of critical infrastructure and imposes new positive security obligations.
In order for ASD customers to be able to provide assistance, operators of the affected infrastructure will be required to report a serious cyber incident.
According to the Australian newspaper, the critical infrastructure bill will be presented to parliament on Wednesday with the support of the two-part committee that considered it.
Home Secretary Karen Andrews said the proposed measures would ensure the security of the essential services on which Australians depend:
“Cyber attacks and recent threats to critical infrastructure security both in Australia and abroad make these reforms extremely important.”
But a coalition of Australian and international technology industry groups is opposed to the new law. “Without significant revision, the bill will create an impractical set of obligations and set an alarming global precedent,” they wrote in a joint letter.
This year saw a series of high-profile ransomware attacks, including the US-led Colonial Pipeline cyberattack in May, forcing governments around the world to reassess their vulnerabilities and highlight the role of encryption in attacks.
Another ransom attack in May on an Australian meat processing plant, GPS, prompted Australian lawmakers to take a tougher stance. A new ransom action plan released last week will allow Australian authorities to confiscate or freeze financial transactions involving cryptocurrencies related to cybercrime, regardless of country of origin.
The Joint Parliamentary Intelligence and Security Committee said that “the threat of weak cyber-security and malicious cyber-activity has become increasingly apparent in recent years,” with nearly a quarter of reported cyber-security incidents affecting critical infrastructure institutions.