Australia’s first cyber security legislation has been passed by parliament after being approved by the senate yesterday.
The package of legislation was introduced last month as part of the government’s 2023-2030 Australian Cyber Security Strategy.
Now, businesses that pay ransomware hackers will be compelled to report it to the government.
There is also a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD) to share information from a victim during an incident.
Agencies had found themselves being cut out of the information loop by the private sector as they responded to an attack.
The laws also create mandatory security standards for smart devices.
In a statement, Minister for Cyber Security Tony Burke said the law is “a key pillar in [the government’s] mission to protect Australians from cyber threats”.
The Cyber Security Bill forms part of a legislative package consisting of amendments to the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 and the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024.
Elements of the bill were first promised by the government in 2021, during which time ransomware attacks soared.
The government also flagged the need for a potential Cyber Security Act in February last year.
Home Affairs then ran several consultations, culminating in an exposure draft being shopped to industry last month. In total, 60 submissions were lodged to the parliamentary joint committee on intelligence and security (PJCIS).
The amendment to the Intelligence Services Act will also aid information sharing with the Australian Signals Directorate during a cyber incident.