SYDNEY — Fearful of growing foreign interference and other hazards, the government wants to impose new obligations on industry and open doors to federal intervention across all critical infrastructure.
Already covering specific electricity, gas, water and ports assets, the proposed laws would bring 11 other sectors of the economy into the mix, including communications.
Australia’s telecommunications firms informally share information with security and intelligence agencies without triggering notification thresholds or federal intervention and want that to continue.
A “security uplift” could be achieved through a regime rolled out three years ago, not new blanket laws, Telstra informed a parliamentary inquiry on May 20.
“The issues at the core are the same,” Telstra‘s John Laughlin told the intelligence and security committee.
“Doing your best does take an all-hazards approach.”
Optus agreed duplication and operational risk could be avoided by being regulated under the existing regime rather than a new one.
“The best option would be to look at the existing working regime,” Optus vice-president Andrew Sheridan said.
“That’s our very strong view.”
A bill before parliament would impose new obligations as serious cybersecurity incidents escalate globally across hospitals, financial services, and pipelines. This is done to strengthen the cybersecurity of the institutions in the country.
Federal agencies would get greater powers to intervene to combat and head off breaches, and take decisions.
A new “positive security obligation” would include mandatory cyber incident reporting and risk management.
Telstra’s government relations boss James Toole said all of this could already be achieved.
He said telcos needed to have input early before a decision was announced that might need to be undone.
Telcos, internet providers, and others are already required to protect networks and facilities from unauthorized access and interference and must notify officials of any changes that put national security at risk.
But both leading telcos stopped short of calling for an exemption from the new bill.
Telstra and Optus told the committee Home Affairs needed to do better on “up front” sharing on threats and risk management for engineers to best understand what to do.
Optus warned of warping notification thresholds for security incidents.
“You notify too early and there’s not enough information for security agencies to make a call,” Sheridan said.
Notify too late and too many factors may come into play and cause delays in response.
Both Telstra and Optus supported the government’s push for data retention and storage to be located in Australia.
(Edited by Vaibhav Vishwanath Pawar and Praveen Pramod Tewari)
The post Australian Telcos Resist New Laws For Cyber ‘uplift’ appeared first on Zenger News.