Cyber spies to get PC access
PEOPLE who refuse to allow cyber-spooks access to their business computers would be jailed under new laws being rushed into parliament.
It will give the Australian Signals Directorate the power to take over the computer systems of any critical infrastructure business unable or unwilling to defend itself against a crippling cyber attack.
The move is in response to fears Australia’s critical infrastructure is dangerously vulnerable to an attack from China, other rogue states or criminal ransomware gangs.
The new “government assistance’’ powers would authorise the Australian Federal Police to force entry into a business and arrest individuals if they did not provide access to their computer systems.
Two-year jail terms and fines of $26,640 would be levelled against individuals who failed to respond to an ASD order. Corporations would face fines of as much as $133,200.
The extraordinary new “last resort’’ powers are thought to be the toughest suite of powers for a government cyber agency anywhere in the world.
High-level briefings in Canberra have warned that China’s Ministry of State Security in particular posed a real threat to our critical infrastructure.
Multiple sources said it was likely Beijing’s hackers had already infiltrated some critical infrastructure systems and planted malware for a future attack. One scenario discussed is the possibility China could launch a cyber attack to take Australia out, ahead of any potential move against Taiwan.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 will bring 11 sectors – communications, financial services and markets, data storage or processing, defence industry, higher education and research, energy, food and grocery, healthcare and medical, space technology, transport, water and sewerage – under the remit of the new powers, alongside the industries already deemed vital to Australia’s national security.
Chairman of the parliamentary joint committee on intelligence and security Liberal senator James Paterson said urgency was required because Australia’s critical infrastructure faced a cyber attack every 32 minutes.
“Our security agencies need the appropriate tools to mitigate these serious risks,’’ he said. He said criminal ransomware gangs were less likely to cause a major national crisis.
“Only a sophisticated state actor has the resources and the incentive to launch such an attack,” he said.
The power to require companies to upgrade their cyber security will undergo further consultations after strong opposition from business, which fears it could prove too costly.
Director of think tank ASPI’s International Cyber Policy Centre Fergus Hanson said the Bill was “a big deal’’.