Australia’s telecommunications companies will be hit with new rules forcing them to update the federal government on their cybersecurity regimes, with the Home Affairs minister worried they have been left to manage their own affairs with limited oversight.
Key points:
- Telecommunications companies will be brought into the “critical infrastructure” scheme, applying new reporting obligations
- The minister says telcos were left alone to manage their cyber affairs for too long
- The government will also introduce new reporting rules for companies targeted by ransomware
Last year’s massive Optus cyber attack forced the issue into the public spotlight, fuelling serious concerns about the preparedness of Australia’s telecommunications sector to deal with hacks – in terms of protecting their services, and the sensitive customer data they hold.
“The rules will make sure that telcos actually meet the minimum cyber standards that were applied to many other critical Australian companies,” Home Affairs Minister Clare O’Neil told the ABC.
“It will require them to properly consider all of the risks on their networks and to establish proper cyber defences.
“These rules, frankly, should have been in place a long time ago.”
The laws will classify telecommunication companies as “critical infrastructure”, which will require company boards to report to government on their cybersecurity strategies in the same way energy companies, hospitals and ports do.
The minister insisted telcos were integral to the nation’s security.
“There’s no question in my mind that, when we came to government, telcos weren’t being properly regulated,” Ms O’Neil said.
“They should always have been subject to strict cyber requirements.
“Now our government is stepping up, we are setting tough new laws for our telco companies to make sure that these companies are properly protecting the cybersecurity of Australian citizens and their data.”
Companies to be forced to report to government when hit by ransomware
The announcement comes ahead of the federal government’s new cybersecurity strategy being released next week, which will also focus on the growing threat of ransomware.
“Ransomware is the fastest-growing crime type in our country — it affects every size of business, and it affects a lot of Australian citizens,” Ms O’Neil said.
“You can’t fix a problem, though, that you can’t see, and today this problem is hidden from us.
“We’re going to require for the first time Australians to report and to make clear to government when ransomware demands are made and when payments are made, to start the process of making sure that we can properly tackle this problem together as a country.”
Even though the new approach would require notification of ransom payments, the government insists Australians should not bow to hackers’ demands.
“The strong advice of the Commonwealth government is not to make ransomware payments,” Ms O’Neil said.
“You probably will not get your data back and they will probably come for you again.
“But we do know that some businesses are paying ransoms.
“The critical thing for us at the moment is that we don’t have a clear picture of what this crime type looks like for our country, we need to build that and we need to work with Australians and Australian businesses to move to a position where we can make ransomware payments illegal — that should be the end goal for the country.”