Legislation introduced to Federal Parliament in November 2016 intended to help protect Australian communications networks and businesses from cyber attack and sabotage, has been criticised by a coalition of industry representatives.
The group includes the Australian Industry Group (Ai Group), the Australian Information Industry Association (AIIA), the Australian Mobile Telecommunications Association (AMTA) and Communications Alliance.
The group of industry bodies said the legislation in its current form may, in fact, make local companies and communications networks more vulnerable to cyber attack and sabotage.
After introducing the legislation to parliament, the Attorney General's department said, “the Bill formalises and enhances existing information sharing and relationships between government and telecommunications carriers and carriage service providers (C/CSPs) to ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector.”
George Brandis - Australian Attorney General (picture courtsey of Neil Duncan & Deutsche Messe via Flickr)
The goals of the proposed changes to current law include establishing a security obligation applicable to all C/CSPs, requiring them to do their best to protect their networks from unauthorised access and interference.
It will also require carriers and some carriage service providers to notify security agencies of planned key changes to networks and services that could compromise their ability to comply with the security obligation.
Under the proposed new laws the secretary of the Attorney-General's Department would be empowered to request information from C/CSPs to monitor compliance with the security obligation. It would also provide the Attorney-General with a power to issue a carrier or service provider a direction requiring them to do or refrain from doing a specified thing to manage security risks.
The proposed legislation would also expand the operation of existing civil enforcement mechanisms in the Telecommunications Act of 1997 to address non-compliance with the security obligation, notification requirement, information requests and directions.
Industry strikes back
In a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), the industry group pointed to “serious problems” such as vague drafting, regulatory overreach, the ongoing risk that telecoms service providers could be forced by Government to dismantle or retro-fit existing communications networks, and the risk to hamper innovation and to place Australian businesses at a competitive disadvantage.
The submission also praised the Government for making a number of “useful amendments to earlier drafts of the legislation”, after receiving advice from industry stakeholders.
It also acknowledged that Australia’s critical infrastructure, including telecommunications services and networks, remains at risk from espionage, sabotage and foreign interference, and pointed out that industry players are commercially motivated to invest in hardening and protecting their networks.
Sign up for CIO Asia eNewsletters.