Labor’s plan: Empower home affairs minister during cyber-attacks on infrastructure.

December 19, 2023
1 min read

Key Points:

  • The Australian government is proposing changes to the Security of Critical Infrastructure Act that would give the home affairs minister powers over critical infrastructure during cyber-attacks.
  • Under the proposed changes, the minister would be able to order energy, transport, or communications entities to take action during a cybersecurity incident.
  • The minister could also order companies to replace personal documents compromised in a data breach or share customer data with banks to prevent further fraud.

The Australian government is considering changes to the Security of Critical Infrastructure Act that would grant the home affairs minister additional powers during cyber-attacks. The proposed changes would allow the minister to order critical infrastructure entities, such as those in the energy, transport, or communications sectors, to take or cease action during significant cybersecurity incidents. These changes are being considered in response to the 2022 Optus and Medibank incidents. The minister would also be able to order companies to replace personal documents compromised in a data breach or share customer data with banks to prevent further fraud.

The proposed changes were outlined in a consultation paper released by the home affairs and cybersecurity minister, Clare O’Neil. The paper also discusses other potential areas for cybersecurity reform, such as mandatory security standards for smart devices and rules that would require more businesses to report cyber-attacks or extortion attempts.

The government argues that these changes are necessary to address the challenges that businesses face in responding effectively to cyber-attacks. Currently, businesses are restricted in sharing information with banks about affected customers, and the government does not have sufficient powers to direct them to take action. The proposed powers for the home affairs minister would allow for the directio{n} of critical infrastructure entities to prevent or mitigate the consequences of an incident. They would also authorize the disclosure of protected information to allow for the sharing of information and the gathering of information for consequence management.

The consultation period for the proposed changes will close on March 1, 2024.

Latest from Blog

Trust is the secret sauce for cybersecurity success

TLDR: Key Points: Trust between CISOs and top executives is crucial for justifying cybersecurity investments. Five key questions CISOs must ask themselves about their cybersecurity strategy include budget justification, risk reporting, celebrating

Expert opinion on cyber security is a must have

TLDR: Key points from the article: Study shows link between lack of sleep and increased risk of Alzheimer’s disease. Researchers found that poor sleep quality was associated with higher levels of brain