New laws to protect critical infrastructure from malicious attack were a crucial step forward in protecting the nation’s economic nervous system from cyberattack, Macquarie Government Managing Director Aidan Tudehope said recently.
The laws, initiated by the Government last year and passed by the Federal Parliament overnight, were also a good example of continued responsible bipartisanship in cyber-security, Mr Tudehope said.
“The sad reality is that there are individuals, groups and even nations that have shown a willingness and ability to put the wealth, health and even lives of innocent Australians at risk by attacking critical infrastructure,” Mr Tudehope said.
“Much of the infrastructure that allows us to operate in our day-to-day lives – power, communications, water, transport systems – are privately owned, and all are completely dependent on information and communications technologies to work,” he said.
Mr Tudehope said the Government’s own core agencies are required to comply with well-established standards and best practice guidelines.
But the effective protection of the national interest required these high standards to now reach beyond these agencies.
“The Government is right to step in now, before we have had a major incident, to take a leadership role in overseeing the preparedness of owners and operators of critical infrastructure to address these new challenges,” Mr Tudehope said.
Programs developed to protect the Government’s own agencies – such as controls over pathways to the Internet and certification of private sector cloud services by the experts in the Australian Signals Directorate of security standards – have become integral to the cyber security of the Commonwealth, Mr Tudehope said.
“The owners and operators of critical infrastructure – be they state governments or private enterprise – have been under no obligation to even consider these standards.
“The new laws mean the country’s leading cyber security experts in Canberra can now investigate the practices by these owners and operators.
“If necessary, the Minister can step in as a last resort,” Mr Tudehope said.
“Hopefully this will never be necessary as the passage of the laws should be enough to prompt critical infrastructure businesses to take action themselves to come into line with the standard practice for Federal Government agencies,” he said.
Mr Tudehope said concerns of many in the private sector about governments intervening in their decision making was understandable.
“But the Government has worked hard to strike an appropriate balance to ensure there is a focus on cyber safety without being overly intrusive, including the provision of a 12-month implementation period,” he said.
For more information visit www.macquariegovernment.com