Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/load.php on line 2057

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
Australia’s cyber laws potentially harmful to security: Critical Infrastructure community - Best Business Review Site 2024

Australia’s cyber laws potentially harmful to security: Critical Infrastructure community

[ad_1]

secured-servers.jpg

Image: Shutterstock

A slew of Australia’s critical infrastructure service providers and union groups have lambasted the federal government’s critical infrastructure cyber laws due to it requiring organisations to install third-party software onto their systems if they are deemed to not be “technically capable” of managing cyberthreats.

Roger Somerville, Amazon Web Services’ (AWS) ANZ public policy head, said the need for new cybersecurity laws was apparent and AWS supported the Bill, but he remained critical of the software installation scheme contained within it.

The Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 contains outstanding elements of cyber laws passed by the Parliament last year, per recommendations from the parliamentary committee that is currently reviewing the laws. Among these outstanding elements are requirements for entities deemed “most important to the nation” to adhere to enhanced cybersecurity obligations, such as potentially installing third-party software.

Addressing the parliamentary committee that is reviewing the Bill, Somerville said there is a lack of clarity on how the software installation scheme would operate, and that the federal government saying it would only be used as a “last resort” is not sufficient.

“We do acknowledge that the Australian government has told us that those sorts of powers would be more relevant for less sophisticated cyber security entities than ourselves. But from our perspective, I think we’re very concerned that we still do need to see clear, practical guidance on how this would work,” Somerville said.

Somerville added that if the federal government was adamant in pushing ahead with establishing the software installation scheme, a technical support body that exists as an independent statutory office holder should be created to oversee the scheme’s operation.

“This body would also perhaps create an avenue for contestability of those decisions, particularly on the questions of technical feasibility,” he said.

AWS was not alone in sharing its concerns, as Palo Alto Networks ANZ public policy head Sarah Sloan, who also appeared before the committee, said the software installation scheme introduces unnecessary security risks into critical infrastructure environments.

This security concern was echoed by Communications Alliance CEO John Stanton, who provided an example of how the scheme could be dangerous.

“The danger is probably more when information is combined with other information sources, so we don’t necessarily hold a list of the people’s names behind IP addresses, but other organisations do. So if you combine data [from critical infrastructure entities] with telecommunications service providers data, because they know who the service providers are of those IP addresses then you’re able to effectively put together personal information,” Stanton said.

Software Alliance COO Jared Ragland, meanwhile, noted that the security issues with the scheme did not stop there as the installation of the software could lead to more issues across critical infrastructure supply chains.

“In addition to concerns about what kind of information might have legitimate access to the software, a real concern is that if the software is installed at each stage along this chain and it operates improperly, then there could be accidental problems. Perhaps it could be data leakage, but it could also be operational interruptions of other sorts,” Ragland explained.

For each of these organisations, trust appeared to be a core issue in their opposition to the software installation scheme. To address this lack of trust, not-for-profit advocacy group Internet Association of Australia (IAA) said the federal government should amend the proposed cyber laws to allow critical infrastructure entities to heavily test code.

“It’s highly, highly important that we need to have to trust the type of software that goes on to manage this. And we need the opportunity to be able to read the code, assess the code, test the code against other things,” IAA CEO Narelle Clark said.

The federal government’s critical infrastructure reforms sit alongside the ransomware action plan as being its primary regulatory efforts for bolstering Australia’s cybersecurity posture.

Labelled by Home Affairs Secretary Mike Pezzullo last month as the government’s defence against cyber threats, the federal government is hoping the second trance of cyber laws will create a standardised critical infrastructure framework for Australia’s intelligence agencies.

Related Coverage

Pezzullo frames Critical Infrastructure Bills as ‘defence’ and ransomware plan as ‘offence’

Home Affairs believes the second critical infrastructure Bill would create a common framework for preventing cyber attacks.

MacTel warns critical infrastructure reforms create gaps in government data protection

The cloud and data provider also sees a potential future where critical infrastructure providers and their suppliers shift data stores and processing functions offshore to avoid being regulated.

Home Affairs releases second Critical Infrastructure Bill with leftover obligations

This new Bill contains obligations that were excluded from the Security Legislation Amendment (Critical Infrastructure) Act 2021.

[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot