Australia mulls cyber law amid 23% rise in cyber attacks

Australia continues to grapple with a rising tide of cybercrime, as cyber criminals increase the frequency of their attacks on the nation.

Peter Maloney, CEO of AUCyber, highlighted the severity of the situation, noting that the country faces a 23% year-on-year increase in cyber-attacks, translating to one attack reported every six minutes. Maloney stresses the urgent need for robust measures to protect the nation's security and economic stability.

In response to the growing threat, the Australian government is contemplating the introduction of the Cyber Security Act. Maloney remarked that this proposed legislation aims to empower the government to effectively address emerging cyber threats. Key components of the proposed legislation include establishing minimum security standards for smart devices, mandatory ransomware reporting, and fostering information sharing with limited use obligations. The legislation also suggests the formation of a Cyber Incident Review Board to strengthen consumer protection and enhance Australia's cyber resilience.

Collaboration across various sectors is recognised as crucial to building a resilient cyber environment. According to Maloney, businesses, governmental entities, and consumers must engage in transparent information sharing to support national cyber security efforts.

Some experts, however, express skepticism about the effectiveness of such regulations. Craig Searle, global director of cyber advisory at Trustwave, points out that enforcing minimum cybersecurity standards for smart devices has proven challenging in the past due to the influx of grey market devices. He questions how the government intends to enforce compliance, suggesting that a structured framework, such as a register of approved goods, might be necessary to differentiate secure devices from insecure ones. Searle also raises concerns about the costs associated with compliance and who would bear these expenses.

Historical approaches to regulating Internet-connected devices have mainly been voluntary, as seen in items 63 and 64 of the 2020 National Cyber Strategy. Searle believes this voluntary nature has created a gap between policy and practical enforcement, often leaving such regulations as mere suggestions rather than mandatory requirements.

The discussion around new cybersecurity legislation comes amidst Cyber Security Awareness Month in Australia. This annual campaign serves to raise awareness about the importance of cybersecurity and online safety, now becoming more pertinent as digital threats evolve. AUCyber, a leading expert organisation in the field, is actively participating in the dialogue by offering insights into how cyber criminals orchestrate their operations and examining the government's response initiatives.

The proposed Cyber Security Act reflects a growing recognition of the need for more formalised and stringent cybersecurity measures. However, the success of such legislative changes will largely depend on effective implementation and enforcement strategies. As the digital landscape undergoes significant transformations, Australia must navigate the complexities of cybersecurity to safeguard its technological infrastructure and maintain public confidence in digital transactions and communications.