Australian cyber espionage to control critical infrastructures in ransomware attacks
Australia‘s leading cyber spies will gain power in the event of ransomware or other cyberattacks on critical infrastructure.
The Australian Signals Directorate (ASD), a government agency responsible for cyber warfare and information security, will be able to take control of critical infrastructures – including energy, communications systems and banks – under a new law passed to parliament.
The law even classifies health and food companies as part of the definition of critical infrastructure and imposes new aggressive safety obligations.
So that ASD agents can help, operators of the affected infrastructure must report a critical network failure.
According to The Australian, the Critical Infrastructure Bill will be brought to parliament on October 20, with bipartisan support from the committee that examined it.
Home Secretary Karen Andrews announced that the proposed measures would ensure the safety of the essential services that Australians rely on:
“The recent cyberattacks and security threats to critical infrastructure both in Australia and abroad make these reforms critical.”
However, a coalition of Australian and international technology companies rejects the new laws. “Without substantial changes, the bill would create a number of unfulfilled obligations and set a worrying global precedent,” they wrote in a joint letter.
This year there has been a spate of high-profile ransomware attacks, including the US Colonial Pipeline cyber attack in May, forcing governments around the world to review and highlight their vulnerabilities.
Another ransomware attack in May, targeting Australian meat processing company JBS, caused Australian lawmakers to take a tougher stance. A new ransomware action plan announced last week will allow Australian authorities to seize or freeze financial transactions in crypto-related cybercrime regardless of country of origin.
The parliamentary Joint Committee on Intelligence and Security said that “the threat posed by cyber vulnerabilities and malicious cyber activity has become increasingly apparent in the past few years, with around a quarter of incidents.” It is reported that cybersecurity incidents affect critical infrastructure companies.
Related: Chainalysis acquires Excygent, a cybercrime investigation company fighting ransomware attacks