Australia to pass cyber laws to protect critical networks against foreign attacks

Australia will introduce one of the world’s strictest cyber security laws to bolster its defences against attacks launched by foreign powers targeting its critical infrastructure.

Canberra is preparing tougher legislation to protect national infrastructure assets from digital assault across 11 sectors, ranging from telecoms networks and electricity grids to water and sewerage companies. Businesses involved in financial services, defence, research, healthcare and education will also be subject to the laws.

The stiffer rules are set to be ratified by parliament as tensions rise between the US and its allies, including Australia, and China and Russia. A parliamentary committee was told last year that it was “100 per cent possible” that there was already a dormant presence, installed by foreign state actors, in parts of Australia’s critical national infrastructure designed to cripple its networks.

Legislation passed in parliament late last year allowed the Australian government to step in and take over the management of networks in the event of a catastrophic cyber attack. Companies also have to inform the government if they have been attacked.

Those companies will now have to adhere to a stricter compliance and monitoring regime to ease concerns of foreign interference.

James Paterson, chair of the Parliamentary Joint Committee on Intelligence and Security, said that much of Australia’s critical infrastructure was still deemed a “soft target” by the country’s adversaries.

“The digital world is the new battlefield and we all have a role to play in preparing ourselves for the challenges that reality poses,” he said on Wednesday. “Regrettably, even the best endeavours of industry may not be enough to stop a cascading and potentially economy-crippling collapse of supply lines and services.”

A quarter of all cyber attacks launched in the country last year were against critical infrastructure, according to the Australian Cyber Security Centre.

“It’s not difficult to imagine the crippling, society-wide consequences we would suffer should our systems be shut down by a malicious actor,” Patterson added.

On Tuesday, Australia committed to doubling the size of its cyber defence capabilities with a near-A$10bn (US$7.5bn) budget initiative called Redspice (resilience, effects, defence, space, intelligence, cyber and enablers). Canberra said the initiative was the most significant investment in the Australian Signals Directorate, which is now responsible for cyber warfare and information security, in 75 years.

The funds, spread over 10 years, will support the recruitment of 1,900 data scientists and software engineers and augment other military agreements such as Aukus. The Aukus deal signed between London, Canberra and Washington last year was designed to enable Australia to obtain nuclear-powered submarines to help counteract an increasingly assertive China