2 Experts: Aussie Govt. Would Control “Critical Infrastructure” During Cyber-attacks

BACKGROUND:

The Sydney-based Financial Review is reporting Coalition moves to boost critical infrastructure security. The Australian government plans to give its security agencies the power to intervene in the case of a cyber-attack on essential services. The bill would direct the Australian Signals Directorate (ASD) to take over control of a business’s cyber defenses during a cyber-attack as a “last resort”. Though the bill is based on the premise that most ordinary businesses are not able to bring sophisticated defensive resources to bear on such an attack, critics see a serious problem with allowing the government to take on this responsibility. As the argument over Government “control” and the definition of “essential businesses” proceeds, the scope of such an intrusive move will be highly controversial. Experts with Cyvatar and Gurucul offer perspective.

Expert Comments

October 21, 2021
Josh Brewton
vCISO
Cyvatar


It’s interesting that the Government are willing to step in when the response is deemed not adequate. Where is the line drawn? How will they define their triggers? How or who will be paying for the response if the ASD take control? Given the frequency of Cyber Attacks today, I wonder how the cost of such a response would be dealt with. It could push smaller businesses over the edge. With a healthy bill from the government and the added financial, operational and reputational impacts from the attack itself.

October 21, 2021
Saryu Nayyar
CEO
Gurucul

The Australian government is set to pass laws requiring “essential industries” to report cyber-attacks immediately, and as a last resort, have the Australian Signals Directorate come in and take control of cyber defenses to respond. Essential industries include food, energy, communications, financial services, and higher education and research.


Transparency on attacks is important, and formally informing the government is a good way of achieving that, but it’s not clear that having an outside organization come in to take over defense is realistic. The Australian Signals Directorate personnel will be unfamiliar with the organization, the attack, and any existing defenses in place. This will likely result in confusion and an inadequate response. Instead, perhaps the government should direct essential industries to have a cybersecurity risk management program in place and define the minimum standards needed for organizations to protect themselves.

 
