Google, Microsoft, and Amazon have unanimously fought to amend a proposed bill that could allow the Australian government to implant its own cybersecurity software onto the back of the cloud systems of the Big Tech companies.
The measures come amid mounting anxiety regarding the potential impact of a cyberattack on the nation’s arterial sectors—including energy, health, and food—many of which have already experienced such incidents since the start of the year.
The legislation outlines that the government could require an “entity for a system of national significance to install and maintain a specified computer program in limited circumstances.”
“The ability to undertake such an action, particularly in the data storage and data processing sector, could have unintended consequences to customer privacy and security (business and citizens) in Australia, and around the world,” Google said.
However, the bill also specified that the decision to carry out such a move was not preferred and merely a “provision of last resort,” with the option only considered if a relevant entity failed to provide the government with the information it required following a cyber attack.
It further outlined, that if providing the necessary information proved difficult—for example, if the reform or software was too expensive—the government would provide support and supply the necessary software for free given the information’s importance in handling cybersecurity risks.
“Organisations familiar with their own systems are inarguably best placed to do so, and this is particularly true for hyperscale cloud service providers that operate highly complex and interdependent systems,” Microsoft said.
The tech titan explained that third-party software developers who inherently lacked an understanding of the system’s structure would only introduce problems that could severely impact the operations and would require extensive testing.
“Introducing third parties unfamiliar with a cloud service provider’s systems and architecture risks compromising the security and integrity of these systems and creating collateral consequences, including the interruption of critical services and the creation of new vulnerabilities.”
Microsoft agreed that the intervention would be beneficial for some entities and supported the government’s push for strengthened cyber defence. However, like the other giants, it suggested that the cloud services sector be omitted altogether.
Matthew Warren, Director of the RMIT University Centre for Cyber Security Research and Innovation, welcomed the bill, saying that it facilitated an important partnership between industry and the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD).
“The bill will succeed in strengthening Australia’s overall cyber security and defence capabilities as critical infrastructure organisations can draw upon the expertise and capabilities of ASD / ACSC,” Warren told The Epoch Times.
Warren said that the government’s installation of software would not be for all critical infrastructure, and would only be in exceptional circumstances to help collect information on threats or block malicious attacks.
Warren also pointed out that the nature of Google Cloud’s globally interconnected infrastructure posed a significant problem, meaning the government could obtain sensitive information of Google’s customers domestically, and abroad.
