Home United States USA — software ASD says cyber attack intervention will be 'rare' under critical infrastructure Bill

ASD says cyber attack intervention will be 'rare' under critical infrastructure Bill

217
0
SHARE

The power awarded under the draft legislation may see government modifying the functioning of computers or even deleting software if it was to step in.
The Australian Signals Directorate (ASD) expects intervention in the cyber attack response of companies considered critical infrastructure to only occur in “rare circumstances”. As described in the current form of the Security Legislation Amendment (Critical Infrastructure) Bill 2020, government assistance will be provided to entities in response to significant cyber attacks on Australian systems. Tech giants operating in Australia, such as Amazon Web Services, Cisco, Microsoft, and Salesforce, have all taken issue with these “last resort” powers. “In the rare circumstance of a serious cybersecurity incident impacting the availability of key critical infrastructure assets, Part 3A, Division 5 of the Bill provides a mechanism for government to directly assist an asset owner or operator in rapidly responding to, and remediating a cybersecurity incident,” the ASD explains in its submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS). ASD may be requested by the Secretary of the Department of Home Affairs to assist in responding to a serious cybersecurity incident. The Minister for Home Affairs must consult with the asset owner or operator before authorising the Secretary to request ASD assistance, and the measures authorised must be “proportionate and technically feasible”. Before stepping in, the government must be satisfied that a cybersecurity incident has occurred, is occurring, or is imminent; that the incident is having a relevant adverse impact on the functioning of a critical infrastructure asset; the incident is posing a material risk to the social or economic stability of Australia, its people, national defence, or national security; the relevant entity or entities are unwilling or unable to take all reasonable steps to respond to the incident; and no other options for a practical and effective response exist.

Continue reading...