Not content with merely implementing broad-scale privacy reform, the Government has announced a new position, the Coordinator for Cyber Security to be added to the Department of Home Affairs as a step towards their aim of “making Australia the most cyber secure nation by 2030“. This would seem to be a rather aspirational target!
The Coordinator will be supported by a National Office for Cyber Security, and their role will be to oversee steps to prevent future cyber security incidents and to help manage cyber incidents as they occur.
An advisory board led by former Telstra boss Andy Penn has published a discussion paper on Australia’s cyber security strategy for the remainder of this decade. The discussion paper raises Australia’s increased reliance on digital technologies since the COVID-19 pandemic, the growing significance of the cyber market to Australia’s domestic economy, and the lack of appropriate government powers to respond to recent data breaches as the impetus for revisiting cyber security with a fresh strategy.
Key talking points include the suggestion of a new Cyber Security Act to codify cyber security obligations from various legislative instruments and standards used in industry and government. The discussion paper also suggests including customer data and “systems” as critical assets under the Security of Critical Infrastructure Act (2018) to empower the Department to give directions and gather information in response to data breaches like those that occurred last year.
Reform that strengthens and simplifies Australia’s convoluted cyber security laws is certainly welcome, though the government should be careful to avoid adding to the cost of regulatory compliance without Australia’s cyber security benefitting from practical, effective, improvements. The government’s ambition for Australia should be a defence against malicious cyber actors more cost effective than a digital Maginot Line. Submissions on the discussion paper are open via webform until 15 April 2023.