The amendment to the Security of Critical Infrastructure Act 2018 allows the Australian Signals Directorate (ASD) to step in and take over operating systems of certain industries in the event of a cyberattack.
The number of sectors defined as critical infrastructure was also expanded from 4 to 11, including health care and medical, financial services, data storage and processing, defence, energy, and higher education.
These sectors will now be required to report all cyber incidents to the ASD. While “government assistance,” where the government will take over systems, will be available to the industries “as a last resort and subject to appropriate limitations.”
“We will only see the full cyber-capability of certain nations applied to other countries in the lead-up to, or actually in, war. And the prospect of war in our region is real,” he said. “These are worrying times.”
Molan called Australia a vulnerable nation and said the new Bill was one step to addressing these vulnerabilities.
“Most of us are aware of the reliance of our hospitals, transport, financial systems and military systems on the internet, but what many don’t realise is that many of our military systems rely on exactly the same civilian systems to pass data as do hospitals, transport, and banks,” he said.
All sectors of the Australian economy had been affected by these attacks, which resulted in one report of cybercrime every eight minutes and self-reported losses of over $33 billion.
“Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period—predominantly by criminals or state actors,” the report said.
However, the legislation was passed with opposition from the tech industry.
In a letter to Home Affairs Karen Andrews, industry bodies representing hundreds of tech companies, including Google and Microsoft, said the legislation granted the government “unprecedented and far-reaching powers.”
The Greens also opposed the Bill, with Senator Lidia Thorpe calling it a “greedy little power grab.”
“The bill gives considerable, and too much, power to the minister under the guise of protecting critical infrastructure,” Greens Senator Mehreen Faruqi added.