Cybercrime bill tabled
The Australian government says it is taking action against rising cybercrime.
The Cyber Security Bill 2024 was introduced by Cyber Security Minister Tony Burke this week, which would require businesses that pay ransomware hackers to report payments to authorities, providing the government with a clearer picture of the ransomware landscape.
The legislation is part of a wider package designed to improve Australia's cyber defences.
Burke noted that ransomware attacks cost Australian businesses an average of $9.27 million in 2023, causing significant economic and national security harm.
“This issue needs to be tackled,” said, adding that mandatory reporting would help the government develop tools to combat ransomware effectively.
The bill's development follows government promises dating back to 2021, when cyberattacks surged. The government also outlined the need for a Cyber Security Act in 2023, resulting in this proposed legislation.
The bill includes several reforms beyond ransomware reporting, such as new cybersecurity standards for smart devices.
“Australians love the convenience of smart devices...but consumers need to know that smart devices are still safe devices,” Burke stated.
The legislation also introduces amendments to the Intelligence Services Act and the Security of Critical Infrastructure Act (SoCI).
These amendments will limit how incident data shared with the National Cyber Security Coordinator and the Australian Signals Directorate can be used, encouraging more businesses to voluntarily report cyber incidents.
The bill attempts to strengthen SoCI by expanding its coverage to include secondary assets and data systems linked to critical infrastructure. This is intended to protect national security and economic stability by managing multi-asset incidents more effectively.
Additionally, an independent Cyber Incident Review Board will be established to analyse major cyber breaches and recommend improvements.
Burke cited recent high-profile breaches, including those of Optus and Medibank, as proof of the urgent need for better coordination between government and industry.
Regulators will gain new powers under the SoCI Act to compel businesses to address serious deficiencies in their risk management.
These powers are aimed at helping safeguard critical infrastructure and reduce risks to Australia's security and economy.