The government has stepped up its focus on cybercrime over the past year, regarding it as a threat to national security.
Home Affairs Minister Karen Andrews this week warned cybercrime was costing the Australian economy about $3.5 billion a year as she released a discussion paper on new cyber-security standards to be co-designed with industry. The paper canvassed the idea of making company directors of large Australian companies personally liable for failing to mitigate cyber-security attacks.
Mr Penn also backed the government’s proposed critical infrastructure laws, currently before the Federal Parliament, that would allow security agencies to take control of private companies’ networks in the event of severe cyber attacks.
Drawing a hypothetical comparison with foreign actors attacking an Australian port, he said government intervention was not only justified but expected when national security was at risk.
“I don’t think we would think twice about the Australian Air Force was being deployed to go and protect that infrastructure, regardless of whether that infrastructure was owned by the government or a private operator for a minute,” Mr Penn said.
The industry advisory committee, which released its first annual report on Thursday, called for clearer guidance to be developed to help businesses prevent and respond to ransomware attacks – among the fastest-growing areas of cybercrime – including whether ransoms should be paid.
“Despite the significant efforts in this regard, sadly most Australians and Australian businesses are ill-prepared for a direct cyber attack on them,” Mr Penn said.
Ransomware is a form of malware designed to encrypt a victim’s files until a ransom is paid. Toll Holdings, BlueScope Steel, Lion Dairy and Drinks, and Nine Entertainment (owner of The Sydney Morning Herald and The Age) have all been hit by major ransomware attacks over the past 18 months, with some paying ransoms to hackers.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.