The Australian Cyber Security Act aims to make Australia a global cybersecurity leader. While promising, there are still some concerns.
In a significant move towards strengthening national cyber resilience, the Australian government has passed the Cyber Security Act 2024, the country's first standalone cyber security legislation, as part of the 2023–2030 Australian Cyber Security Strategy. The legislation aims to make Australia a world leader in cybersecurity by addressing gaps in the existing framework and promoting closer collaboration between industry and government.
A key part of the Act is the "limited use" obligation. Information that an organisation shares with the National Cyber Security Coordinator about a cyber incident it is experiencing can only be used by government for specified purposes, such as supporting the response, and cannot be used as the basis for regulatory action against the reporting entity. The intent is to remove the fear of penalties that discourages early, candid reporting. The Act also introduces mandatory reporting of ransomware payments and establishes a Cyber Incident Review Board (CIRB) to assess and learn from significant cyber incidents.
The Cyber Security Act brings in several initiatives to boost Australia's cyber defences:
Mandatory Reporting: Organisations above the turnover threshold set by the accompanying rules, along with responsible entities for critical infrastructure assets, must now report ransomware payments. Aggregated reports give cyber professionals and government a clearer picture of extortion activity and threat actor operations that was previously invisible.
Cyber Incident Review Board (CIRB): The board will conduct no-fault, post-incident reviews of significant cyber incidents and publish recommendations to improve future prevention and response.
Smart Device Standards: Mandatory security standards will apply to manufacturers and suppliers of consumer-grade smart (IoT) devices, covering a wide range of products from smartwatches to connected vehicles. Suppliers will need to provide a statement of compliance, which in turn gives consumers a basis for choosing more secure products.
Simplified Information Sharing: Amendments to the Security of Critical Infrastructure Act 2018 (SOCI) clarify how protected information can be used and shared between government and industry, including the telecommunications sector, whose security obligations are being consolidated under SOCI.
Businesses across Australia will need to adapt to the new Cyber Security Act, and leaders should take proactive steps to align their strategies with the legislative changes. Here is a quick overview of the areas to consider:
1. Enhance Cybersecurity Protocols:
Mandatory Reporting Preparations: Establish a process for reporting ransomware payments within the 72-hour window that follows a payment, including who decides, who reports, and what details must be captured (the demand, the payment, and communications with the extorting party).
IoT Compliance: Confirm that smart devices you manufacture, supply or procure meet the new security standards, and obtain and retain supplier statements of compliance.
Incident Response Plan Updates: Update response plans to reflect the expanded government assistance and incident management powers under the amended SOCI Act, including how your organisation would cooperate with directions during an incident.
2. Foster Information Sharing and Collaboration:
Voluntary Reporting Considerations: Encourage openness in reporting cyber incidents to the National Cyber Security Coordinator (NCSC) to strengthen collaboration with government.
Leverage Limited Use Protections: Collaborate with government while relying on the limited use protections to control how sensitive incident information is used. Note that these protections are specific to information provided to the Coordinator and do not replace existing disclosure obligations, such as notifiable data breach reporting.
3. Revise Legal and Risk Management Strategies:
Ransom Payment Policies: Re-evaluate ransom payment policies in light of the legal, reputational and financial implications, including that any payment made will now have to be reported.
Directors' Duties and Board Involvement: Ensure directors understand their responsibilities for cyber resilience and that cyber risk is treated as a board-level matter rather than an IT concern.
4. Continued Education and Training:
Conduct Training Sessions: Provide training that keeps staff up to date on the legislative changes and prepares them for their role during a cyber incident, including the new reporting obligations.
By taking these steps, Australian businesses can not only comply with the new Cyber Security Act but also strengthen their security posture against evolving threats. The legislation may also serve as useful leverage for securing investment in an area that is often underfunded until it is too late.
While the Cyber Security Act is a positive step forward, there are a few concerns with some aspects:
Reporting Scope: Limiting mandatory ransomware payment reporting to organisations above the turnover threshold leaves out smaller businesses, which are frequent victims of ransomware attacks. Extending the obligation to all businesses would give a more complete picture and ensure smaller enterprises are not overlooked.
IoT Device Management: Ensuring that all smart devices meet the security standards is a difficult task given the sheer range of products and suppliers. The rollout appears rushed, and a more measured, phased approach would make it more likely that the standards can be applied and enforced effectively.
The Redundancy of New Boards: Is a new body such as the CIRB truly needed when existing agencies may already be able to perform these reviews? Adding another layer risks unnecessary bureaucracy.
Despite these points, Revium sees the Act's potential to place Australia at the forefront of global cybersecurity. Its success will depend on how well it is implemented and how it is adjusted over time to keep pace with a changing threat landscape.
The new Cyber Security Act is a significant step towards securing Australia's digital future. Industry leaders and policymakers need to keep the dialogue going, address the remaining gaps, and make sure all organisations, large and small, can navigate these changes confidently. By working together, we can turn strategic vision into practical outcomes that protect Australia's digital ecosystem.