Optus, Telstra and other major telcos will be hit with new rules forcing them to keep the government updated on their cybersecurity regimes or face hefty fines.
Home Affairs Minister Clare O’Neil will move to classify telecommunications as “critical infrastructure” for the first time.
This will mean company boards are held to the same standards as hospitals, utilities, ports and energy generation assets, including the requirement to develop a risk management program.
Ms O’Neil said last week’s Optus outage underscored why Australia needed to “both strengthen and simplify the rules”.
“Reliable telcos are vital to Australia’s national security. As we learned again last week, nothing much works in the 2020s without reliable internet,” she said.
“Tougher rules mean a more cyber safe Australia.
“Our telcos must be prepared for major vulnerabilities, have risk management plans in place, and build backups to maintain essential services when things go wrong.”
Last year, Ms O’Neil described the current cyber security laws as “bloody useless” after 9.8m Australians had personal data stolen during an attack on Optus.
The changes are set to form part of the Albanese government’s updated cyber security strategy, expected to be released next week.
It also comes in the wake of a suspected ransomware attack against DP World Australia, which handles 40 per cent of international freight.
Ms O’Neil said the new strategy would also focus on the growing threat of ransomware by forcing companies to report when they are under attack.
But the government will not move to ban organisations from paying offenders until it gets a greater picture of who is targeted and when, and how many ransom demands are paid per year.
“Over the last 12 months, I have engaged with hundreds of business leaders across the country and some of the best cyber thinkers in the world, and what we have heard consistently is that Australia is not yet ready for an outright ban of ransomware payments,” she said.
“Our first step must be getting the right supports in place for businesses and citizens so that it can become an easy decision to not pay ransoms. And, to build a picture of what’s really going on so we can tackle it head on.”
Global ransomware attacks have surged 45 per cent in the first half of the year, according to the Center for Strategic and International Studies.
The Australian Signals Directorate estimates ransomware incidents cost the Australian economy $2.95 billion AUD annually.