Government must cooperate on critical infrastructure reforms
By Paul McInerney*
Thursday, 29 October, 2020
Our nation has critical dependencies in the digital domain, and thus critical dependencies on the trust and security of all digital activity. Focus is needed to ensure the digital environment is secure, resilient and effective.
Analysis of the response to the COVID-19 pandemic — with its accelerated uptake of digital technologies as well as more day-to-day activities moving online — provides an opportunity to reframe the nation’s approach towards cybersecurity.
In early September, ITPA took part in an open discussion with other groups within our industry on the release of Australia’s 2020 Cyber Security Strategy and its related consultation paper. The forum was chaired by AustCyber.
Quite a lot of discussion was held, with some of the key issues raised being:
- With the expansion of the Security of Critical Infrastructure Act 2018 (SOCI), how will the interdependencies across supply chains work?
- How the TSSR (Telecommunications Sector Security Reforms) will link with SOCI;
- The various maturity levels of the regulators in relation to security;
- The knowledge and skills gap;
- The need for guidance and playbooks;
- Industry needs to see an exposure draft of the bill before it is introduced;
- Potential compensation for industry for the costs of complying with the new SOCI Act.
Initially the Department of Home Affairs’ (DHA) Minister’s office was approached to provide feedback on the above key issues, with the response that each will be worked through, including an intention to circulate a draft on any proposed changes to the SOCI Act 2018.
Importantly with the last two points listed above, having exposure to a draft would give our industry a valuable chance to argue for clarification wherever it is lacking, and to pick up legislative elements that are poorly drafted or could generate unintended consequences.
Also, with proposed changes to the Act, there will no doubt be costs associated with complying, similar to when the data retention legislation was passed. Thus, there needs to be a similar Implementation Working Group (IWG) that can play a role in the creation of government grants that can be paid towards compliance.
Delivering on changes will need expertise and skills. So also needed is a focus on developing skills and professional expertise at higher levels, which can come from a combination of continual professional development (a position ITPA encourages and endorses) and on-the-job experience.
Following the release of the 2020 Cyber Security Discussion Paper, the DHA received more than 200 submissions. This was a good result, driven also by ‘town hall meetings’ across the country that focused on the needs of particular areas and industries.
As a result of the above, the Minister for Home Affairs has now established an Industry Advisory Committee. The hope is that this newly minted committee will build on the success of the Industry Advisory Panel (IPA) established in November 2019 to advise on the Cyber Security Strategy 2020.
So where to from here? The DHA is hoping to push through any amendment to the SOCI Act over the coming months, so a draft should be forthcoming soon. ITPA will continue to follow and monitor further developments closely and participate in further discussions when viable, whilst also continuing to raise any concerns from our membership.
If you would like to be more involved in future discussions, then please reach out to us — email@example.com.