Türkiye'de Mostbet çok saygın ve popüler: en yüksek oranlarla spor bahisleri yapmayı, evden çıkmadan online casinoları oynamayı ve yüksek bonuslar almayı mümkün kılıyor.
Search for:
Polskie casino Mostbet to setki gier, zakłady sportowe z wysokimi kursami, gwarancja wygranej, wysokie bonusy dla każdego.
  • Home/
  • Startups/
  • There are two critical questions in the Australian Government’s discussion paper on improving cybersecurity

There are two critical questions in the Australian Government’s discussion paper on improving cybersecurity

The federal government is pushing for a new cybersecurity agenda after last year’s major cyber breaches optus And Medibank.

“For businesses today, cybersecurity is as important as a lock on the door,” Prime Minister Anthony Albanese said Monday at the opening of the government’s cybersecurity roundtable in Sydney.

There, Secretary of Cyber ​​Security released Claire O’Neil a discussion paper which seeks to answer questions about the role government should play in improving Australia’s cyber resilience.

The government will also create a National Office of Cyber ​​Security, and a new role based on the Department of Home Affairs – Cyber ​​Security Coordinator.

O’Neil said the government struggled to find appropriate responses to last year’s major hacks because of a lack of prior policy or regulation.

The Optus and Medibank breaches have each been affected a third of the Australian population. Hackers have leaked personal information, including driver’s licenses, passports, and highly private medical records.

In both cases, government intervention was necessary, for example by creating ways for people to do so replace driver’s license ID numbers.

The discussion paper consists of 21 questions, many of which are about how government and industry can work together.

But two questions stand out as critically important.

1. Should the government ban ransomware payments?

Whether ransomware payments should be banned is a complicated question one I’ve covered before.

In short, a blanket ban on all ransomware payments is unlikely to deter cybercriminals from continuing their attacks. And the damage to businesses and critical infrastructure can be severe. A legal ban on paying to restore their systems may mean that small and medium-sized businesses cannot recover.

O’Neil has previously said she is considering a suspension on ransom payments. The discussion paper shows a more thoughtful approach.

It suggests the possibility of a distinction between different types of ransomware payment bans. For example, whether the government should prohibit payment to keep stolen data secret, versus payment to unlock a company’s hacked systems. It also asks whether, instead of prohibiting companies from paying ransoms, we should instead prohibit insurance payments to companies that become victims.

2. Should the government be able to claim ICT systems from companies?

The Critical Infrastructure Security Act was introduced in 2018 in response to the growing threat of attacks against the country’s key systems. It has been expanded more recently with a a total of 11 sectors from power grids and telecommunications to education and data storage.

The law is specifically about securing the systems on which our critical infrastructure runs.

But the discussion paper asks whether that should be expanded to include the personal data held on these systems, and whether the Australian Signals Directorate can take over the IT systems of companies affected by a hack.

While a seemingly minor addition to the law, the inclusion of personal data and expanded powers of the Australian Signals Directorate could be stretches too far.

In particular, this may involve handing over personal data of citizens held by the telecommunications and health sector to the government.

In addition, expanding the law in 2021 and 2022 to include data storage means virtually any business could fall within its scope.

No specific details about how this possible change might work are included in the discussion paper, but it could be a step with dire consequences.

Is there anything else I should know?

The discussion paper also calls for regulatory simplification as a priority.

Australia’s data laws are spread across a range of laws: the Privacy Act, the Critical Infrastructure Act, the Telecommunications Act, the National Health Act, and the list goes on. Spreading requirements across so many laws makes it difficult for businesses to understand their cybersecurity obligations.

In addition, the paper clearly outlines the need to prioritize training of cybersecurity personnel, both in technical and non-technical roles.

Australia has an estimated skills shortage of 30,000 cybersecurity professionals.

The discussion paper contains many suggestions that are likely to be welcomed by the industry, but some questions clearly arise concerns among industry professionals about the power of the government.

At this point, these are just questions. And industry, government and education providers will have a chance to answer these questions over the next six weeks before any final decisions are made. Hopefully they will be listened to.

This article has been republished from The conversation under a Creative Commons license. Read the original article.


Contents

Shreya has been with australiabusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider australiabusinessblog.com, Shreya seeks to understand an audience before creating memorable, persuasive copy.

Leave A Comment

All fields marked with an asterisk (*) are required