Critical Infrastructure Bill Grants New Powers to Combat Cyberattacks

Rebecca Zhu
11/23/2021
Updated: 11/23/2021
New legislation that provides the government greater powers to combat cyberattacks passed the Australian Senate with the support of the opposition on Monday.

The amendment to the Security of Critical Infrastructure Act 2018 allows the Australian Signals Directorate (ASD) to step in and take over operating systems of certain industries in the event of a cyberattack.

The number of sectors defined as critical infrastructure was also expanded from 4 to 11, including health care and medical, financial services, data storage and processing, defence, energy, and higher education.

These sectors will now be required to report all cyber incidents to the ASD, while “government assistance,” where the government will take over systems, will be available to the industries “as a last resort and subject to appropriate limitations.”

Senator Jim Molan, a former Army major general, told the Senate that no country has yet applied its full cyber resources to attacking another country through cyberspace.

“We will only see the full cyber-capability of certain nations applied to other countries in the lead-up to, or actually in, war. And the prospect of war in our region is real,” he said. “These are worrying times.”

Molan called Australia a vulnerable nation and said the new Bill was one step towards addressing these vulnerabilities.

“Most of us are aware of the reliance of our hospitals, transport, financial systems and military systems on the internet, but what many don’t realise is that many of our military systems rely on exactly the same civilian systems to pass data as do hospitals, transport, and banks,” he said.

The Australian Cyber Security Centre’s (ACSC) latest annual cyber threat report revealed that over the 2020-21 financial year, the department received over 67,500 cybercrime reports, an increase of nearly 13 percent from the previous year.

All sectors of the Australian economy had been affected by these attacks, which resulted in one report of cybercrime every eight minutes and self-reported losses of over $33 billion.

“Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period—predominantly by criminals or state actors,” the report said.

However, the legislation was passed with opposition from the tech industry.

In a letter to Home Affairs Minister Karen Andrews, industry bodies representing hundreds of tech companies, including Google and Microsoft, said the legislation granted the government “unprecedented and far-reaching powers.”

“[This bill] sets a disturbing precedent for other governments facing similar national security challenges,” the letter reads.

The Greens also opposed the Bill, with Senator Lidia Thorpe calling it a “greedy little power grab.”

“The bill gives considerable, and too much, power to the minister under the guise of protecting critical infrastructure,” Greens Senator Mehreen Faruqi added.