National

Mandatory cybersecurity standards under new laws

By AAP Newswire

Nov 25, 2024

A laptop displays a message after it was infected with ransomware — Reporting of ransomware payments will apply to businesses that meet an annual turnover threshold. -EPA

Smart devices will be subject to cybersecurity standards and some businesses will have mandatory reporting requirements for ransom payments under new laws.

Hold tight - we’re checking permissions before loading more content

The Albanese government's legislative package passed federal parliament on Monday, and has given Australia its first standalone Cyber Security Act.

Mandatory security standards will apply to devices including smart TVs smartwatches, baby monitors and consumer energy resources such as rooftop solar systems.

Reporting of ransomware payments will apply to businesses that meet an annual turnover threshold.

A report will have to be made to the Department of Home Affairs or the Australian Signals Directorate within 72 hours of making the payment or becoming aware of the payment.

The package will help Australia become a leader in cybersecurity by 2030, senator Raff Ciccone says. (Mick Tsikas/AAP PHOTOS)

Joint Committee on Intelligence and Security chair Raff Ciccone said many people could not live without smart devices, which had become part of daily life.

"This package provides an opportunity for this country ... to strengthen our national cybersecurity defences," the Labor senator told parliament.

"The bills will position Australians and all our businesses ... to better respond and to recover from cybersecurity threats and to help our nation become a world leader in cybersecurity by 2030 in an evolving threat environment."

The Victorian senator said the voluntary reporting scheme was underused, which limited the government's understanding of the ransomware threat landscape.

"The reporting obligations aren't about calling out businesses and hurting their reputation," he said.

"Instead, they'll enable us to determine the threat level and assist Australia's domestic law enforcement to disrupt cyber crime activities, both locally and abroad."

More than 87,000 cybercrime incidents were reported to the Australian Signals Directorate in the past year.

An attack on Optus in September 2022 affected 10 million people, and another in October at Medibank impacted about 9.7 million people.

Under the changes, a Cyber Incident Review Board will be set up to undertake reviews following significant incidents, and to make recommendations in a bid to help prevent future attacks.

The package implements reforms under the government's 2023-2030 Australian Cyber Security Strategy.

Opposition cyber spokesman James Paterson said the coalition supported the intent of Labor's package in the face of "a complex and evolving threat environment".

"The government needs robust levers to protect Australians from cyber threats," he said.

By AAP Newswire

Australian Associated Press