Cyber Security Bill 2024
The Cyber Security Bill was introduced to parliament on 9th October 2024. While it still has some way to go before officially becoming an act, it has been referred to committee.
There will finally be standards set for smart/IoT devices, which have a history of being used in botnets due to their lax security.
The Cyber Security Bill 2024 focuses on enhancing cybersecurity within Australia. Here are the key takeaways from the document:
1. Mandatory Security Standards for Smart Devices: Manufacturers and suppliers of internet-connectable products in Australia must adhere to specified security standards. This includes labelling products with a compliance statement; non-compliance is subject to enforcement actions such as compliance, stop, and recall notices.
2. Ransomware Reporting Obligations: Businesses affected by ransomware are required to report payments made to attackers. The report must be made within 72 hours and should include details of the incident, the payment, and communications with the attackers. This is intended to improve the government's awareness of, and ability to respond to, ransomware threats.
3. Coordination of Significant Cyber Security Incidents: The bill establishes the role of the National Cyber Security Coordinator, responsible for overseeing and coordinating responses to major cybersecurity incidents across government sectors. Businesses may also share incident details voluntarily to support this role.
4. Cyber Incident Review Board: A board is set up to review significant incidents and recommend measures for future prevention, detection, and response. This aligns government and industry efforts to minimize the impact of similar incidents in the future.
5. Data Privacy and Limited Use: Information shared under this act, particularly ransomware reports, is restricted to specific uses. It cannot be used as evidence against the reporting entity, and protections ensure it is used only for cybersecurity purposes, not for civil penalties or unrelated regulatory actions.
6. Extraterritorial Application: This act applies not only within Australia but also extends to external territories, impacting entities operating in or with connections to the Australian market.
The bill is aimed at bolstering Australia’s resilience to cyber threats by mandating standards, enforcing reporting, and promoting a coordinated response to cybersecurity incidents.