Tech giants call for changes to critical infrastructure Bill

By Dylan Bushell-Embling
Friday, 09 July, 2021

Tech giants call for changes to critical infrastructure Bill

Technology companies are calling on the government to make changes to the new critical infrastructure security legislation to clarify the powers government agencies have to compel companies to respond to security threats.

In its submission to the Parliamentary Committee on Intelligence and Security for the review of the legislation, Atlassian said the Bill should allow for judicial review of the government assistance powers granted under the legislation.

In addition, the company has recommended that the government and industry jointly develop predetermined, ready-for-action protocols for each individual industry classified as a provider of critical infrastructure.

Creating protocols and recognising them in the Bill would have the benefit of giving government greater capability to effectively carry out ministerial capability, as well as encouraging companies and industry bodies to get involved in the planning process, Atlassian said.

The company has also recommended that the threshold for what constitutes a ‘critical’ security incident should be higher, to prevent government and regulated bodies from being overwhelmed with incident reports and administrative burden.

The Cybersecurity Coalition — which consists of a number of major technology companies including Google, Cisco, Intel and Microsoft — meanwhile used its submission to recommend the incorporation of both critical infrastructure providers and cybersecurity companies into the sectoral co-design processes.

In addition, the Coalition is recommending the ‘grace period’ for enforcement of positive security obligations under the Bill be extended from six to 12 months, and that the Bill places a stronger emphasis on the declassification of threat information where possible so it can be used for threat intelligence.

Other recommended mechanisms for encouraging threat information sharing include assurances that any shared information be protected from Freedom of Information-like requests and providing limitations on liability and regulatory disclosures for entities that voluntarily share threat information.

Meanwhile the Coalition is calling for additional safeguards for the government assistance measures facilitated by the legislation, including a robust oversight process for the use of the powers, clear definitions of the powers granted to government officials, and strict penalties for abuse of the powers.

Finally, Palo Alto Networks mirrored the Coalition’s calls for security companies to be included in the stakeholder engagement co-design process.

The company also recommended that thresholds and timeframes for cybersecurity incident reporting provisions be revised. For example, Palo Alto recommended replacing the current reporting mandates of 12 and 72 hours for various incidents with a requirement for entities to report “as soon as is practically possible”.

On the government assistance powers, Palo Alto recommended that the legislation ensure that any companies compelled to take an action cannot be forced to breach a contractual relationship or be non-compliant with the laws of another jurisdiction.

Image credit: ©

Related Articles

It's time to re-evaluate public cloud migration

The DTA's Hosting Certification Frameworks are a step in the right direction, but true data...

New Bill strengthens online powers for AFP, ACIC

Australian federal authorities have been granted online account takeover powers after a new Bill...

Cyber attacks: education, not awareness, key to reducing effects of crime

The increased frequency of cybersecurity advisories being published by governments is great for...

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd