While the new laws are still to be negotiated with industry and worked out in Parliament, the government plans to set up a direct line between the ASD and operators of critical infrastructure. At the lowest level, this would impose an obligation on companies to send the ASD “signatures” – a file containing a data sequence used to identify an attack on the network – when they are being attacked.
Under the approval of Home Affairs Minister Peter Dutton, the ASD could also be given access to the network to monitor and defend against significant cyber attacks.
Telstra chief executive Andy Penn said the new powers to allow ASD into the networks of critical infrastructure operators were needed, but they should be done “with close and careful consultation” with industry.
“I look at the cyber world through the lens of the physical world. If a nation state was under attack – every body would expect their government to come in – the defence forces would come in and protect that part of the country,” he said.
“In the cyber world it may manifest differently … and that’s why governments need to be able to have some degree of ability to step in.”
Alastair MacGibbon, former head of Australian Cyber Security Centre, said the ASD would go into systems to monitor and defend the network, not “to spy”.
“They take that pretty seriously. They would be looking at network defence,” he said.
Mr MacGibbon, now chief strategy officer of CyberCX, said the move to impose a fiduciary duty on company directors would send a signal to the market that “it’s time to start treating cyber security risk seriously”.
“This sends the strongest signal I have ever seen sent to the market to get your house in order and that change is coming,” he said.
The strategy also calls on internet service providers and other web companies to put in place systems that automatically block malicious websites and activity, along the lines of the “cleaner pipes” initiative Telstra has already put in place.
Sarah Sloan, from global cyber security company Palo Alto Networks, said all Australian ISPs and telcos needed to automatically block cybersecurity threats in real-time.
“We appreciate Australia’s record financial investment and commitment to partnering with industry to make the strategy a collective effort,” she said.
Get our Morning & Evening Edition newsletters
Anthony is foreign affairs and national security correspondent for The Sydney Morning Herald and The Age.