Australia’s first standalone Cyber Security Act has been passed by Parliament.
Minister for Cyber Security Tony Burke touted the Cyber Security Act as “an important step in bringing Australia’s cyber laws into the 21st century.”
The laws enact seven initiatives under the Government’s 2023-2030 Australian Cyber Security Strategy. These include a requirement for certain businesses to report ransom payments.
They also give effect to a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD) to facilitate rapid and open sharing of information during a cyber security incident.
The laws also establish a Cyber Incident Review Board (CIRB) to conduct no-fault, post-incident reviews of significant cyber security incidents in Australia and make concrete recommendations to aid in the prevention, detection, response, and minimisation of cyber incidents in the future.
They also enable the Minister for Cyber Security to prescribe mandatory cyber security standards for smart devices.
The package also progresses reforms under the Security of Critical Infrastructure Act 2018 (SOCI Act) that aim to:
- clarify existing obligations in relation to systems holding business critical data
- expand existing last resort powers to enable Government assistance to manage the impacts of all hazards incidents on critical infrastructure
- simplify information sharing across industry and Government
- enable the Government to direct entities to address serious deficiencies within their risk management programs
- integrate regulation for the security of telecommunications into the SOCI Act.