Prime Minister Scott Morrison last year revealed a wave of sophisticated cyber attacks on all levels of government, industry and critical infrastructure including hospitals, local councils and state-owned utilities.
The new laws will redefine what is deemed critical infrastructure, with universities, finance and banking, health and the food and grocery sectors, communications, defence industry, energy and transport added to the list.
Other proposals, such as new “positive security obligations” for businesses – which would include developing risk management plans – will be put in a separate bill after further consultations with industry and stakeholders.
Home Affairs Minister Karen Andrews said recent cyber attacks on critical infrastructure, both in Australia and overseas, made the changes “critically important”.
She said the laws would “secure the essential infrastructure and services all Australian’s rely on – everything from electricity and water, to healthcare and groceries”.
“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world,” she said. “This legislation is about helping businesses focus on what they do best – delivering goods and services and supporting their customers.”
The Sydney Morning Herald and The Age revealed last week that global tech giants had stepped up their opposition to the laws, warning the bill would allow authorities to forcibly access their networks without due process.
The industry bodies representing some of the world’s biggest technology companies, including Google, Microsoft, Intel, Twitter, eBay, Amazon and Adobe, said the laws would create an “unworkable set of obligations and set a troubling global precedent”.
The government has been frustrated by a lack of co-operation during and after a cyber attack from some companies operating critical infrastructure.
The parliamentary inquiry into the proposed laws heard a major Australian company the subject of an attack refused to comply with the ASD for weeks. Transport and logistics giant Toll Group later conceded it may have been the company that failed to adequately engage with the ASD.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.