Australia, insurance, car, home, live, holidays

Australian Security Intelligence Organisation director-general Mike Burgess has warned espionage and foreign interference attempts by multiple countries remain “unacceptably high”.Credit:Alex Ellinghausen

“I remain concerned about the potential for Australia’s adversaries to pre-position malicious code in critical infrastructure,particularly in areas such as telecommunications and energy,” Mr Burgess said in ASIO’s annual report tabled in Federal Parliament on Tuesday. “Such cyber-enabled activities could be used to damage critical networks in the future.”

He said the attacks would “undermine Australia’s sovereignty,democratic institutions,economy and national security capabilities”,while also warning espionage and foreign interference attempts by multiple countries remained “unacceptably high”.

“These attempts occur on a daily basis. They are sophisticated and wide-ranging. They are enabled and accelerated by technology,” he said. “And they take place in every state and territory,targeting all levels of government,as well as industry and academia.”

The government will on Wednesday introduce amendments to its contentious critical infrastructure bill in line with therecommendations of a bipartisan inquiry to pass some changes immediately while continuing to consult industry on more controversial proposals.

The bill,which would require operators of critical infrastructure to report cyber attacks within 72 hours of being hacked,is now expected to be passed within days. As a last resort,the government would also be able todeclare an emergency, which would give the cyber spy agency,the Australian Signals Directorate,the power to plug into the company’s network to defend against the attack.

Business groups and unions werescathing of the government’s consultation with industry and stakeholders during the security and intelligence committee’s inquiry into the proposal,resulting in the recommendation to split the bill.

Prime Minister Scott Morrison last year revealeda wave of sophisticated cyber attacks on all levels of government,industry and critical infrastructure including hospitals,local councils and state-owned utilities.

The new laws will redefine what is deemed critical infrastructure,with universities,finance and banking,health and the food and grocery sectors,communications,defence industry,energy and transport added to the list.

Other proposals,such as new “positive security obligations” for businesses – which would include developing risk management plans – will be put in a separate bill after further consultations with industry and stakeholders.

Home Affairs Minister Karen Andrews said recent cyber attacks on critical infrastructure,both in Australia and overseas,made the changes “critically important”.

She said the laws would “secure the essential infrastructure and services all Australian’s rely on – everything from electricity and water,to healthcare and groceries”.

“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world,” she said. “This legislation is about helping businesses focus on what they do best – delivering goods and services and supporting their customers.”

The Sydney Morning Herald andThe Agerevealed last week that global tech giants had stepped up their opposition to the laws,warning the bill would allow authorities to forcibly access their networks without due process.

The industry bodies representing some of the world’s biggest technology companies,including Google,Microsoft,Intel,Twitter,eBay,Amazon and Adobe,said the laws would create an “unworkable set of obligations and set a troubling global precedent”.

The government has been frustrated by a lack of co-operation during and after a cyber attack from some companies operating critical infrastructure.

The parliamentary inquiry into the proposed laws heard a major Australian company the subject of an attackrefused to comply with the ASD for weeks. Transport and logistics giant Toll Group later concededit may have been the company that failed to adequately engage with the ASD.

The Morning Edition newsletter is our guide to the day’s most important and interesting stories,analysis and insights.Sign up here.

License this article