The government has progressed long-mooted reforms that will compel the telecommunications industry to take steps to protect network infrastructure.
The Telecommunications and Other Legislation Amendment Bill 2015 (PDF) will amend theTelecommunications Act 1997 to strengthen the current framework for managing national security risks to Australia's telecommunications networks.
In a 2013 report, the Parliamentary Joint Committee on Intelligence and Security had recommended that the government create a telecommunications security framework.
That framework would include an obligation to protect infrastructure and data passing through it, compel industry to provide the government with information to assess national security risks to telco infrastructure and a penalty regime to include compliance.
In its report earlier this year that rubber-stamped the introduction of data retention, the PJCIS included as a recommendation that the government enact the 'Telecommunications Sector Security Reforms' (TSSR) prior to the end of the implementation phase for data retention.
The government indicated it supported the recommendation.
"TSSR is designed to ensure the security and integrity of Australia's telecommunication infrastructure by encouraging ongoing awareness and responsibility for network security by the telecommunication industry, and will extend to provide better protection of information held by industry in accordance with data retention obligations," the submission from the Attorney-General's Department to the data retention inquiry stated.
"TSSR will impose an obligation on service providers to do their best to prevent unauthorised access and unauthorised interference to telecommunications networks and facilities, including where the provider outsources functions."
The bill unveiled last week will enhance existing information sharing and relationships between government and telecommunications carriers, carriage service providers and carriage service intermediaries (C/CSPs) to "ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector," a draft explanatory memorandum states.
Communications Minister Malcolm Turnbull said the bill will provide a security framework to strengthen the government's ability to manage national security risks to telecommunications networks by:
- Obliging all carriers, carriage service providers and carriage service intermediaries to do their best to protect their networks from unauthorised access and interference.
- Requiring carriers to notify security agencies of key changes to networks and management systems that could adversely affect their ability to protect their networks.
- Providing the Secretary of the Attorney-General's Department with direction and information gathering powers, enforceable by a civil penalty regime.
"This framework builds on existing obligations in the Telecommunications Act 1997 and will be implemented via a collaborative partnership with industry, involving increased engagement and information sharing with government agencies," a statement issued on behalf of the communications minister and Attorney-General George Brandis said.
Government agencies would also provide general and targeted threat assessments and mitigation advice to assist telecommunications carriers and carriage service providers to manage risks to their networks.
Sign up for CIO Asia eNewsletters.