This week the ‘Cyber Security Legislative Package’ was referred to the Parliamentary Joint Committee on Intelligence and Security. The package consists of the:
- Cyber Security Bill 2024,
- Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024, and
- Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024.
The package is intended to implement initiatives aligned with the 2023-2030 Australian Cyber Security Strategy, aiming to fix gaps in legislation and bring Australia in line with international best practices.
Some of the measures include:
- Mandatory Security Standards for IoT Devices:
Introduces mandatory security standards for internet- and network-connectable devices to enhance protections and reduce vulnerabilities in IoT products.
- Mandatory Ransomware Reporting:
Requires businesses to report cyber incidents and ransomware payments to the Australian Government to improve understanding of the threat landscape and inform responses.
- Cyber Incident Review Board:
Establishes an independent body to review significant cyber incidents, offering insights and recommendations for improving cyber resilience.
- Limited Use Obligation:
Restricts how incident information shared with the National Cyber Security Coordinator is used, encouraging voluntary reporting without fear of regulatory repercussions.
- Government Coordination:
The National Cyber Security Coordinator leads the government’s response to significant cyber incidents, facilitating a coordinated approach to mitigate and resolve threats.
The bill is designed to adapt to evolving cyber risks, support industry collaboration, and align with international standards for improved national cybersecurity.
The package also reforms the Security of Critical Infrastructure Act 2018 (SOCI Act), including:
- Clarification of existing obligations in relation to systems holding business critical data.
- The enhancement of government assistance measures to better manage the impacts of all hazards and incidents on critical infrastructure.
- Simplification of information sharing across industry and Government.
- The introduction of a power for the Government to direct entities to address serious deficiencies within their risk management programs, and
- Alignment of regulation for the security of telecommunications into the SOCI Act.
Parliament is inviting submissions by Friday, 25 October 2024; more information about making a submission can be found here.
To assist with planning, they ask that you indicate your intention to make a submission by Friday, 18 October 2024 by emailing pjcis@aph.gov.au.
If you’re wondering what the changes mean for your business, legal firm Gadens offers some advice on its website here, commenting:
‘If passed, the Cyber Security Bill would streamline a number of cyber security standards and reporting obligations and introduce several new penalties and regulatory powers for non-compliance with key obligations. As there is no monetary threshold for the application of these new laws, larger enterprises as well as small business will be affected equally, so entities of all sizes should prepare for a material uplift in their information security compliance processes and procedure to meet the new requirements.’