Australia’s New Cybersecurity Bill

Australia has taken a decisive step to strengthen its cyber defences with the introduction of new cybersecurity legislation. The legislative package closes gaps in the existing framework and brings Australia in line with international practice, keeping the country on track for its stated goal of becoming a global leader in cybersecurity.


What’s in the Bill?

Here are the key provisions outlined in the legislation:


Mandatory Ransomware Payment Reporting 

If an organisation makes a ransomware payment, or becomes aware that a payment has been made on its behalf, it must file a report with the government within 72 hours, covering the incident, the extortion demand, the payment and the communications with the attacker. The obligation is scoped to businesses above a turnover threshold and to responsible entities for critical infrastructure, so the first practical check is whether your organisation is in scope. The aim is to give law enforcement and the national cyber agencies visibility of the ransomware economy, which is otherwise largely invisible because payments go unreported. Filing a report does not make a payment lawful; sanctions and other legal exposure still have to be assessed before any payment is made.


National Cybersecurity Standards for Smart Devices 

Manufacturers and suppliers of internet-connected consumer products (smart devices, IoT) must meet baseline security standards before those products are supplied in the Australian market, and must provide a statement of compliance with those standards. Baseline standards of this kind require the basics that have gone unenforced for years: no universal default passwords, a published way to report vulnerabilities, and a defined minimum period of security updates. If you ship connected hardware, the practical check is whether you can produce that statement, and the evidence behind it, for every product line.


Establishment of a Cyber Incident Review Board (CIRB)

The CIRB will conduct no-fault reviews of significant cyber incidents to identify lessons learned and recommend actions for both government and industry. The Board is expressly prohibited from apportioning blame or liability, which is what makes it possible for affected organisations to participate candidly.


National Cybersecurity Coordinator Role 

A centralised National Cybersecurity Coordinator role oversees incident triage and cross-government coordination during significant cybersecurity incidents. The Coordinator can request information from impacted entities on a voluntary basis, to build a clearer picture of the incident and of the national response it needs.


Stronger Enforcement Powers 

The government can issue compliance notices, stop notices and recall notices to manufacturers and suppliers of smart devices that fail to meet the security standards, and civil penalties apply for non-compliance. A stop notice halts further supply of a non-compliant product; a recall notice requires products already in the market to be withdrawn.


What’s New for Businesses?

This legislation is particularly impactful for organisations that operate critical infrastructure, supply connected products, or sit within the supply chains of either. Here is what changes:


  • Accountability for product security: if you supply IoT or other networked products in Australia, you must meet the mandated security baseline and be able to evidence it.

  • Coordination during major incidents: businesses are encouraged to share information voluntarily with the National Cybersecurity Coordinator during significant incidents so that the national response is coordinated rather than fragmented.

  • Ransomware payment transparency: for in-scope entities, reporting a ransomware payment is no longer optional. The 72-hour clock means the reporting step has to be written into the incident response plan in advance, not worked out mid-incident. This adds an administrative burden, but it also discourages paying quietly and indiscriminately.

 

A Call to Action

For businesses, this legislation is both a challenge and an opportunity. By treating compliance as a baseline and building genuine resilience on top of it, organisations can meet the regulatory demands while strengthening customer trust and operational stability.
