Australia’s federal government will overhaul a $1.7 billion cyber security plan set up under Scott Morrison in the aftermath of the hacks of Optus and Medibank.
Key points:
- A national cyber office will be established to lead emergency responses to cyber attacks
- Cyber laws will be rewritten to give government more powers to intervene
- The home affairs minister says current laws were “useless” during the Optus hack
A national cyber office — led by a new coordinator for cyber security — will be established under the Home Affairs Department to lead the renewed strategy.
Home Affairs Minister Clare O’Neil said the Optus and Medibank hacks exposed flaws in Australia’s cyber laws.
“In those events, we were meant to have at our disposal a piece of law that was passed by the former government to help us engage with companies under cyber attack,” Ms O’Neil said.
“That law was bloody useless, not worth the ink printed on the paper when it came to actually using it in a cyber incident. It was poorly drafted.”
Ms O’Neil said that, when Optus was hit, there was no emergency response function within the Australian government, and it was able to respond only because a cabinet minister became directly involved.
That hack exposed the customer data of millions of Australians, including passports, drivers licences and Medicare details.
The government hopes to have its cyber coordinator in place within a month, to develop an emergency response plan and to be a central position in managing attacks with “spine”.
However, the minister said, Australia’s security laws would also need to be rewritten.
In particular, the government would look to reform the Security of Critical Infrastructure Act to possibly include customer data and “systems” in the definition of critical infrastructure, to give government power to intervene in major data breaches.
It will also consider a new Cyber Security Act that would impose new obligations and standards across industry and government.
Ms O’Neil said the government was also open to discussions on whether companies should be able to pay ransoms to end a cyber attack.
The prime minister and Ms O’Neil are due to host a roundtable on cyber security today with industry and civil society groups.