Labor could face Senate difficulties if it tries to dramatically expand the government’s powers to directly intervene in companies’ IT systems during cyber-attacks.
Under existing laws – which were controversial when introduced by the former Coalition government – the Australian Signals Directorate has the ability to “step in” as a “last resort” in some emergency situations, but only for critical infrastructure assets.
A discussion paper released by the government on Monday proposes expanding the definition of critical assets to include customer data and “systems”. That option would “ensure the powers afforded to government … extend to major data breaches such as those experienced by Medibank and Optus, not just operational disruptions”.
But the Coalition and the Greens – which together hold more than half of the seats in the Senate – have expressed reservations about changes that could dramatically expand the reach of the “step in” powers.
The Greens senator David Shoebridge, who is responsible for the party’s
policy on digital rights, said the government had “not made a case to justify the expansion of these extraordinary takeover powers”.
Shoebridge said the existing laws were designed for critical infrastructure “and can’t simply be copy-pasted to solve another problem”. He said the nation could not “keep relying on reactive measures and god-like takeover powers”.
Earlier, Anthony Albanese told a cybersecurity roundtable event that his government was concerned about increasingly prevalent “state-sponsored attacks” and other criminal acts seeking a profit, such as ransomware.
The government also announced it would appoint a new coordinator for cybersecurity, supported by a national office for cybersecurity within the Department of Home Affairs, “to ensure a centrally coordinated approach”.
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.