(Australian Associated Press)
Australia’s cyber spies would be handed beefed up powers to intervene in major attacks across a wide range of essential services under proposed laws.
The Morrison government will on Wednesday introduce changes to its bill designed to protect critical infrastructure from cyber attacks.
The Australian Signals Directorate would be available as a last resort immediately before, during or following a significant cyber security incident to ensure essential services continue.
The list of critical infrastructure will be expanded to include energy, communications, financial services, defence industry and higher education.
Research, data storage or processing, food and grocery, health care, space technology, transport and water will also be listed.
Operators of critical systems will be required to report all cyber incidents to the signals directorate.
The changes are in line with recommendations from parliament’s bipartisan security committee.
Home Affairs Minister Karen Andrews said the government was committed to protecting essential services including electricity, water, healthcare and groceries.
“Recent cyber-attacks and security threats to critical infrastructure, both in Australia and overseas, make these reforms critically important,” she said on Wednesday.
“They will bring our response to cyber threats more into line with the government’s response to threats in the physical world.”
Ms Andrews said the bill would help business focus on delivering goods and services.
She said it was not reasonable for a supermarket to have highly specialised expertise to deal with a major, debilitating cyberattack.
Attacks could misdirect supply chains, shut down payments, and hold customer data to ransom, the minister said.
The Australian Cyber Security Centre annual threat report showed there a cyber attack was reported every eight minutes compared with one every 10 minutes last financial year.
About a quarter of reported cyber security incidents affected critical infrastructure organisations.
ASD responded to more than 1630 incidents in the past financial year and received about 500 ransomware reports.
While fewer cyber threats were reported compared with the year before they had a more considerable impact, with a higher proportion being placed in the “substantial” category.
The change was influenced by an increase in cyber attacks against large organisations including data theft, extortion and taking services offline.