However, the associations warned that the "onerous, one-way nature" of the notification requirements will act to hamper the responsiveness of service providers to cyber threats.
The group called on Government to consider more collaborative, effective approaches, as are being adopted or contemplated in other countries including the US, UK and Canada.
The submission stated that the proposed TSSR regime, “may in fact divert scarce resources away from investing directly in addressing cyber security threats, to compliance overhead arising from the regime. It may reduce the ability for the ICT industry and its clients to proactively monitor and quickly respond to threats and breaches".
While the proposed legislation establishes a set of obligations for Industry, the associations pointed to the absence in the legislation of an equivalent requirement for Government to brief Industry on emerging threats.
A further potential impractical provision, according to the group, was a requirement to attempt to protect networks that are ‘used’ by a service provider, even when these networks are not owned or controlled by that provider, and might not even be located in Australia or subject to Australian law.
Sign up for CIO Asia eNewsletters.