New Australian Agency Setup for Future Cyber Threats

New Australian Agency Setup for Future Cyber Threats
Minister for Home Affairs and Minister for Cyber Security Clare O'Neil speaks to media in Melbourne, Australia, on Oct. 20, 2022. AAP Image/James Ross
Daniel Y. Teng
Updated:

A national coordinator will deal with large-scale data breaches and cyber hacks in Australia from now on under the Labor government’s plan to counteract cybersecurity problems.

Last year, major Australian organisations were targeted in a series of cyber-attacks—following the Ukraine War—that saw the personal data of millions exposed online, including driver’s licence and Medicare details.

Major companies such as Optus, Medicare, Woolworth’s MyDeal, and the Australian Defence Department were all subject to breaches.

“We arrived in government confronting a real mess with cyber security, so what we saw was different parts of government and the private sector doing important things, but kind of all rowing in different directions,” Home Affairs Minister Clare O'Neill told the ABC Radio on Feb. 27.

“What we will have now is an individual in the public service who is going to coordinate the response across government and make sure that not only are we deterring and preventing cyber-attacks.”

The coordinator will be part of a new national agency for cybersecurity within the Home Affairs department. Yet, it is unclear how it will align with the existing Australian Cyber Security Centre, which already issues public alerts and monitors cyber threats.

New Rules in the Pipeline for Companies to Deal with Cyber Threats

The announcement comes as Prime Minister Anthony Albanese sits down with government and business leaders in a roundtable on cybersecurity.

A consultation paper has been released on how to combat cyber threats, with one proposed change being whether to widen the definition of a critical asset—a standard that attracts direct government intervention to deal with a breach.

Former Telstra CEO Andy Penn, who now chairs the Home Affairs advisory panel on cybersecurity, said more needed to be done in Australia.

“Since COVID, we’ve seen a dramatic increase in the rate of digital adoption, and unfortunately, we’ve also seen a dramatic increase in the rate of cybercrime,” he told ABC Radio.

“It’s just we’ve got to keep up with this growing phenomenon and dirge of malicious activity we’re seeing,” he said while stating tougher penalties could be in store for companies that do not meet cyber security obligations.

“You could argue that things like the corporations’ law, and consumer law, and privacy law already implicitly cover cybersecurity incidents. But we need to do more to make that more explicit.”

A Coordinator Could Work, If Managed Well: Professor

Yet one expert has said that while a new coordinator could serve a pivotal role in any future cyber incidents, he cautioned against potential double-ups between government departments.

“I think what it does is actually bring together business and government to try and deal with cybersecurity issues, something that was markedly lacking at the outset of the Optus data breach,” Rob Nicholls, associate professor of regulation and governance at the University of New South Wales told The Epoch Times.

He warned, however, that red tape was already an issue in areas such as critical infrastructure.

“You have critical infrastructure rules in one piece of legislation, let’s say in telecommunications, but you also have existing rules based on the criticality of that infrastructure,” Nicholls said. “Where those rules are inconsistent, then you get horrible bureaucratic messes.”

He said that a coordinator could effectively discard any double-up of laws and regulations if given the right powers.

Regarding the home affairs minister’s criticism of the previous government’s cyber laws, Nicholls noted that such laws have always been challenging to implement because they simply cannot keep up with the real world.

“They get framed at one point in time; they take up to six months to go through the parliamentary process to become law. In a field like cybersecurity, if you try and catch up with technology through the law, that’s always going to be problematic,” he said.

Nicholls said laws needed to give enough powers and discretion to agencies to deal with a cyber threat rather than “wait for Parliament to deal with it.”

Daniel Y. Teng
Daniel Y. Teng
Writer
Daniel Y. Teng is based in Brisbane, Australia. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at [email protected].
twitter
Related Topics