Macquarie Government MD Aidan Tudehope has welcomed the passing in the Australian federal government of the Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2018.
The bill aims to deal with consequential and transitional matters related to the Security of Critical Infrastructure Act 2018, to amend the Foreign Acquisitions and Takeovers Act 1975.
As a part of Macquarie Telecom Group, Macquarie Government specialises in Australian in providing cyber security, secure cloud and data centres services, with 42 per cent of Federal Government agencies currently using its offerings.
Tudehope described the new legislation to protect critical infrastructure from malicious attack as a crucial step forward in protecting the country’s economic nervous system from cyber attack.
“The sad reality is that there are individuals, groups and even nations that have shown a willingness and ability to put the wealth, health and even lives of innocent Australians at risk by attacking critical infrastructure,” he said.
“Much of the infrastructure that allows us to operate in our day-to-day lives – power, communications, water, transport systems – are privately owned, and all are completely dependent on information and communications technologies to work,” Tudehope added.
He said the government’s own core agencies were obliged to comply with well-established standards and best practice guidelines. But Tudehope warned that protection of the national interest required these high standards to now stretch beyond these agencies.
“The government is right to step in now, before we have had a major incident, to take a leadership role in overseeing the preparedness of owners and operators of critical infrastructure to address these new challenges,” said Tudehope.
Programs developed to protect the government’s own agencies – such as controls over pathways to the Internet and certification of private sector cloud services by the experts in the Australian Signals Directorate of security standards – have become integral to the cyber security of the Commonwealth, he said.
“The owners and operators of critical infrastructure – be they state governments or private enterprise – have been under no obligation to even consider these standards,” said Tudehope. “The new laws mean the country’s leading cyber security experts in Canberra can now investigate the practices by these owners and operators. If necessary, the Minister can step in as a last resort.”
“Hopefully this will never be necessary as the passage of the laws should be enough to prompt critical infrastructure businesses to take action themselves to come into line with the standard practice for Federal Government agencies,” Tudehope added, noting also the understandable concern of many players in the private sector about governments intervening in their decision making.
“But the government has worked hard to strike an appropriate balance to ensure there is a focus on cyber safety without being overly intrusive, including the provision of a 12-month implementation period,” he said.