By Staff Writer
Following a two-day Parliamentary Committee on Intelligence and Security Hearing last week reviewing the proposed Critical Infrastructure Bill, Committee Chairperson Senator James Patterson says it is essential the government and private sector works together to protect against cyberattacks and intrusions.
“Cybersecurity relies on all of us working together to protect ourselves and our country,” Senator Patterson said.
The Intelligence and Security Committee is conducting an inquiry into proposed new legislation on critical infrastructure. It will update existing 2018 legislation by broadening the number of industry sectors classified as critical infrastructure. The proposed legislation will give the Federal Government new powers to counter cyberthreats.
On Friday, the Committee heard about the potential for maligned foreign state actors to disrupt critical Australian infrastructure.
The Committee was told there were likely already dormant foreign state actors “lying in wait” to damage critical assets as a disabling prelude to a regional crisis.
“It is a sobering warning from some eminent experts,” said Senator Patterson on Friday.
Referring to the recent Colonial Pipelines cyberattack in the United States, Senator Patterson said a former senior official at the US Department of Homeland Security told the Committee on Friday it was not difficult to imagine a state-based actor taking similar action to disable critical infrastructure like the supply of gas, knowing that it would hinder a country’s ability to respond to escalating tensions in the immediate region.
“It demonstrates the need why Australian companies and businesses, particularly those in systemically important areas, must drastically lift the level of their cybersecurity and resilience.”
Likening cyberattacks and cyber intrusions to grey-zone tactics that can do serious harm to a country, Senator Patterson argues it is vital to know who is behind the attacks and have a high level of confidence in that knowledge.
“The Bill before parliament would require companies to demonstrate that they have plans in place to protect themselves. In extreme circumstances, it will give the power to the government to step in and assist a company in overcoming a very serious cyber incident if they are unable to do so on their own.”
But not every organisation making a submission over the two-day hearing welcomed the Government’s proposed broadening of powers. Big tech joined forces to oppose step-in powers.
The CEO of the Australian Signal Directorate’s Cyber Security CRC, Rachael Falk, said such powers would likely operate via a compulsory notice served on an organisation to engage and discuss with the ASD.
But both Google and Amazon Web Services were lukewarm about the idea of ASD knocking on their door, particularly the notion of ASD installing monitoring software.
“We don’t think the sort of step-in powers to install software under really any circumstance in our situation is going to do anything to make things better and has a very high probability, if not certainty, of making things worse,” Google’s threat analysis group director Shane Huntley told the Committee.
Public hearings into the proposed Bill have concluded. The Committee will make any recommendations about proposed reforms to the Attorney General.
