The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has commenced an inquiry into the Cyber Security Legislative Package consisting of the Cyber Security Bill 2024, the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 and the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024.
The Cyber Security Legislative Package intends to implement seven initiatives under the 2023-2030 Australian Cyber Security Strategy, which aims to address legislative gaps to bring Australia in line with international best practice and help ensure Australia is on track to become a global leader in cyber security. These measures are intended to address gaps in current legislation to:
- mandate minimum cyber security standards for smart devices;
- introduce mandatory ransomware reporting for certain businesses to report ransom payments;
- introduce 'limited use' obligations for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD); and
- establish a Cyber Incident Review Board.
The package also intends to progress and implement reforms to the Security of Critical Infrastructure Act 2018 (SOCI Act). These reforms are intended to:
- clarify existing obligations in relation to systems holding business critical data;
- enhance government assistance measures to better manage the impacts of all hazards incidents on critical infrastructure;
- simplify information sharing across industry and Government;
- introduce a power for the Government to direct entities to address serious deficiencies within their risk management programs; and
- align regulation for the security of telecommunications into the SOCI Act.
Senator Raff Ciccone, newly elected Chair of the PJCIS, said "Cyber security and protection of critical infrastructure are essential components of Australia's national security. This review will aim to ensure the new legislative package will operate as effectively and reasonably as possible in response to ever increasing cyber threats. The Committee looks forward to engaging with a range of government, civil society and corporate submitters."
Submissions to the inquiry are invited by Friday 25 October 2024.