September 30, 2021
Australia’s critical infrastructure suffers a cyberattack every 32 minutes and our power, water, and food and medicine supplies are all at risk both from criminal gangs and enemy nations who could “shut down the entire economy in a crisis.”
To counter the threat, the powerful Parliamentary Joint Committee on Intelligence and Security has recommended a two-step change to cybersecurity laws to give the government emergency powers to direct private companies in a crisis.
Under the approach proposed Wednesday, two bills would be submitted to parliament – a first one granting emergency powers to be used as a last resort in crisis situations intended to pass quickly, followed by a second piece of legislation to more clearly set definitions around critical infrastructure and the role of private industry in protecting Australian assets.
“There’s two fears this report is aiming at,” said Fergus Hanson, Director of International Cyber Policy at the Australian Strategic Policy Institute.
“One is like what you’ve seen in the US where cybercriminals have used ransomware attacks to bring critical infrastructure to a halt, such as when hackers shut down the Colonial Pipeline, a major petrol artery, and you saw days of people queuing at petrol stations,” he said.
“That’s obviously a big problem but can’t shut down the country in a serious way.”
“The other is state actors that may want to act to exercise coercive control (over Australia) or shut down the entire economy in a conflict situation.”
During the committee’s hearings on the legislation earlier this year, cybersecurity and defence experts testified that China or other rogue nations could turn off our ability to respond to an event such as an invasion of Taiwan.
“As great power conflict increases, particularly in the case of Russia or China, we will see colder or warmer activity. What we may see is precursor operations that disable infrastructure to prevent the opposing power from being able to project power,” Chris Krebs, who was the first director of the US’s Cybersecurity and Infrastructure Security Agency, said at the time.
Among the sectors targeted by the proposed legislation include energy, food and groceries, water supply, finance, data storage, transport, and sewerage.
Victorian Senator James Paterson, who chairs the committee, said, “Australians would be rightly concerned to know that a cyberattack occurs on critical infrastructure every 32 minutes.”
“Given how much our livelihoods and our lifestyles depend on these digital systems, we all have a responsibility to ensure we take threats to these systems seriously,” he said.
