New cyber bills loom
The Federal Government has unveiled Australia's new cyber security strategy, which consists largely of previously-announced strategies.
The Federal Government says its new $1.67 billion cyber security strategy is ready, but much of the detail will not be revealed until forthcoming legislation is put before parliament.
The 52-page strategy (available here in PDF form) directs $1.67 billion to be invested in a number of initiatives aimed at enhancing Australia's cyber security over the next decade.
It appears to consist largely of a re-announced $1.35 billion cyber enhanced situational awareness and response (CESAR) package.
The new framework outlines the government’s minimum expectation, including an “enforceable positive security obligation for designated critical infrastructure entities”.
“These powers will ensure the Australian Government can actively defend networks and help the private sector recover in the event of a cyber-attack,” the strategy states.
“The nature of this assistance will depend on the circumstances, but could include expert advice, direct assistance or the use of classified tools.
“This will reduce the potential down-time of essential services and the impact of cyber-attacks on Australians.”
The framework will be delivered through amendments to the Security of Critical Infrastructure Act.
It focuses heavily on critical infrastructure and ensuring assets are properly defended during a cyber-attack, and assisting operators to “enhance their cyber security posture”.
It includes a proposed $62.3 million “classified national situational awareness capability”, which was funded in the CESAR package, to response to threats against critical infrastructure.
There is also money for the government's $35 million cyber threat-sharing platform, allowing critical infrastructure operators to share intelligence about malicious cyber activity.
The government says it is also considering additional “legislative changes that set a minimum cyber security baseline across the economy”.