Former army chief of cyber warfare warns Australia’s critical data not to be stored overseas, as new laws can’t come soon.
Ex-army Boss Wants Tougher Cyber Laws For Australia ASAP
CANBERRA, Australia — The Australian defense force’s former head of information warfare says new laws to toughen cybersecurity “can’t come soon enough.”
Retired Major General Marcus Thompson claims Australia’s reliance on overseas cyberinfrastructure has left the country especially vulnerable to cyberattacks from sophisticated state-based actors and professional criminal groups.
“The threat is real, and the threat is active. The threat wishes us harm,” he said.
He warned the recent Fastly outage that brought down global news websites is a timely reminder of the country’s dependence on offshore IT infrastructure.
“We were dependent on a foreign entity to get that backup and running; it was entirely in foreign hands,” Thompson said.
He said critical data should be stored in Australian sovereign territory.
“I would like to see Australia become a little less dependent on foreign entities for the capabilities that we rely on for our everyday activities.”
There were 2266 cyber incidents reported to the Australian Cyber Security Centre in 2019-20.
Recent cyberattacks have targeted the health sector, airports, water services, transport, logistics, and federal parliamentary networks.
The federal government has allocated more than AU$42 million ($31.5 million) to secure critical infrastructure, such as hospitals and power networks, against major cyber attacks.
Thompson claims access to critical material could be shut off if the data is stored anywhere subject to a foreign power, and he warned of developments such as cloud data storage.
“I have a belief that there are aspects of this we ought to be careful about,” he said.
The draft Security of Critical Infrastructure Bill, currently before federal parliament, would give cybersecurity agencies power to intervene in serious incidents where critical infrastructure such as telecommunications is threatened.
The bill identifies infrastructure across 11 sectors that would be subject to the laws, including telecommunications.
The Australian Signals Directorate submission on the bill said malicious cyber activity against Australia is increasing in frequency, scale, and sophistication.
“While Australia has not suffered a catastrophic cyber attack on critical infrastructure, we are not immune,” the Australian Signals Directorate warned.
A number of business and industry groups told the parliamentary committee examining the bill the laws would put a heavy regulatory burden on industry and make it harder for Australian companies to get finance.
But the Active Cyber Defense Alliance group, composed of cybersecurity firms as well as the Australian Competition and Consumer Commission, told the committee the proposed laws are too weak, “like bringing a knife to a gunfight.”
Thompson believes the laws could be strengthened over time and hopes they will provide some impetus to move critical data storage within Australia.
“So if something goes wrong, the ability to get it back up and running again is in our hands,” he said.
(Edited by Vaibhav Vishwanath Pawar and Pallavi Mehra)