Committee endorses telco sector security reforms

The Parliamentary Joint Committee on Intelligence and Security has made a series of recommendations for amending the Telecommunications Sector Security Reform (TSSR) legislation.

The proposed TSSR Bill would create a legislative obligation on service providers to protect telecommunications networks from attacks. The committee has now recommended that the Bill be passed with alterations.

The legislation would give the Attorney-General powers to order telecommunications service providers to take action if there appears to be a risk to national security.

Operators would also have to inform the Attorney-General’s department about any changes such as offshoring or purchases related to sensitive components of their networks if they could have a material adverse impact on the security of their networks.

Major industry groups including the Communications Alliance, the Australian Information Industry Association and the Australian Mobile Telecommunications Association have endorsed the proposed changes and urged the Attorney-General to accept the recommendations.

The recommendations were developed after industry groups expressed concern over perceived problems with the draft legislation.

They include the proposed creation of new guidelines to clarify obligations relating to offshore infrastructure, infrastructure used but not owned or controlled by service providers and providers of over-the-top internet services as well as cloud computing and cloud storage services.

The committee also called on the government to work collaboratively with industry representatives to improve information sharing relating to possible threats.

In addition, the committee has recommended that AGD report annually on the performance of the scheme and provide operators with more details on the types of changes that would or would not require notification to the department.

“We always prefer to have amendments captured in the legislation itself, rather than in Guidelines, but the PJCIS has done an excellent job of highlighting to government the remaining weaknesses in the legislation, and government should accept the recommendations,” Communications Alliance CEO John Stanton commented.

But he expressed concern that the recommendation only stipulates that the guidelines need to be completed by the end of the 12 months scheduled for implementing the new regime.

“This work should be done within the first 6 months — and with full industry involvement — so that industry has some breathing space in which to complete its compliance work before the legislation takes full effect,” he said.

Follow us on Twitter and Facebook