Telcos required to report on cybersecurity measures in bid to prevent repeat of 2022 Optus hack

 In Home News Section, Uncategorized

Australia’s telecommunications companies will be hit with new rules forcing them to update the federal government on their cybersecurity regimes, with the Home Affairs minister worried they have been left to manage their own affairs with limited oversight.

Last year’s massive Optus cyber attack forced the issue into the public spotlight, fuelling serious concerns about the preparedness of Australia’s telecommunications sector to deal with hacks – in terms of protecting their services, and the sensitive customer data they hold.

“The rules will make sure that telcos actually meet the minimum cyber standards that were applied to many other critical Australian companies,” Home Affairs Minister Clare O’Neil told the ABC.

“It will require them to properly consider all of the risks on their networks and to establish proper cyber defences.

“These rules, frankly, should have been in place a long time ago.”

The laws will classify telecommunication companies as “critical infrastructure”, which will require company boards to report to government on their cybersecurity strategies in the same way energy companies, hospitals and ports do.

The minister insisted telcos were integral to the nation’s security.

“There’s no question in my mind that, when we came to government, telcos weren’t being properly regulated,” Ms O’Neil said.

“They should always have been subject to strict cyber requirements.

“Now our government is stepping up, we are setting tough new laws for our telco companies to make sure that these companies are properly protecting the cybersecurity of Australian citizens and their data.”

In a statement, Optus said it supported the announcement from government and appreciated the ongoing consultation with industry about the security of critical infrastructure.

Companies to be forced to report to government when hit by ransomware

The announcement comes ahead of the federal government’s new cybersecurity strategy being released next week, which will also focus on the growing threat of ransomware.

“Ransomware is the fastest-growing crime type in our country — It affects every size of business, and it affects a lot of Australian citizens,” Ms O’Neil said.

“You can’t fix a problem, though, that you can’t see, and today this problem is hidden from us.

“We’re going to require for the first time Australians to report and to make clear to government when ransomware demands are made and when payments are made, to start the process of making sure that we can properly tackle this problem together as a country.”

Even though the new approach would require notification of ransom payments, the government insists Australians should not bow to hackers’ demands.

“The strong advice of the Commonwealth government is not to make ransomware payments,” Ms O’Neil said.

“You probably will not get your data back and they will probably come for you again.

“But we do know that some businesses are paying ransoms.

“The critical thing for us at the moment is that we don’t have a clear picture of what this crime type looks like for our country, we need to build that and we need to work with Australians and Australian businesses to move to a position where we can make ransomware payments illegal — that should be the end goal for the country.”

Were you affected by the Optus outage? Do you have a story about how you managed without your phone? Tell us

If you’re unable to load the form, you can access it here.

By political reporter Matthew Doran (Original ABC Article)