Australia’s telecommunications companies will be hit with new rules forcing them to update the federal government on their cybersecurity regimes, with the Home Affairs minister worried they have been left to manage their own affairs with limited oversight.
Key points:
- Telecommunications companies will be brought into the “critical infrastructure” scheme, applying new reporting obligations
- The minister says telcos were left alone to manage their cyber affairs for too long
- The government will also introduce new reporting rules for companies targeted by ransomware
Last year’s massive Optus cyber attack forced the issue into the public spotlight, fuelling serious concerns about the preparedness of Australia’s telecommunications sector to deal with hacks – in terms of protecting their services, and the sensitive customer data they hold.
“The rules will make sure that telcos actually meet the minimum cyber standards that were applied to many other critical Australian companies,” Home Affairs Minister Clare O’Neil told the ABC.
“It will require them to properly consider all of the risks on their networks and to establish proper cyber defences.
“These rules, frankly, should have been in place a long time ago.”
Can Optus boss survive debacle?
The laws will classify telecommunication companies as “critical infrastructure”, which will require company boards to report to government on their cybersecurity strategies in the same way energy companies, hospitals and ports do.
The minister insisted telcos were integral to the nation’s security.
“There’s no question in my mind that, when we came to government, telcos weren’t being properly regulated,” Ms O’Neil said.
“They should always have been subject to strict cyber requirements.
“Now our government is stepping up, we are setting tough new laws for our telco companies to make sure that these companies are properly protecting the cybersecurity of Australian citizens and their data.”
In a statement, Optus said it supported the announcement from government and appreciated the ongoing consultation with industry about the security of critical infrastructure.
Companies to be forced to report to government when hit by ransomware
The announcement comes ahead of the federal government’s new cybersecurity strategy being released next week, which will also focus on the growing threat of ransomware.
“Ransomware is the fastest-growing crime type in our country — It affects every size of business, and it affects a lot of Australian citizens,” Ms O’Neil said.
“You can’t fix a problem, though, that you can’t see, and today this problem is hidden from us.
“We’re going to require for the first time Australians to report and to make clear to government when ransomware demands are made and when payments are made, to start the process of making sure that we can properly tackle this problem together as a country.”
