The Australian government has recently passed the Security Legislation Amendment (Critical Infrastructure) Bill 2020 (Bill).

This new Bill amends the previous critical infrastructure act by expanding the number of sectors classified as critical infrastructure. More importantly, the legislation requires mandatory reporting to the Australian Signals Directorate and provides the Australian Cyber Security Centre with additional powers in the event of cyberattack.

The Bill saw major pushback from key industry players as well as the Greens party. Under this new law, the industries of communications, finance, data storage, Defence, tertiary education, and space engineering, will be forced to comply with the mandatory reporting requirements. In fear of cyberattack, companies in this industry will now likely have to install government spy software to permit the government access to their technology, data, and networks. Interestingly, the Parliamentary Joint Committee on Intelligence and Security separated other obligations of the Bill, namely enhanced cyber security obligations, to a later stage.

The Australian Information Industry Association and the Information Technology Industry Council called this Bill “highly problematic” and an invasive use of government resources. The pressure of this Bill lies on the looming threat of cybersecurity. However, the government has taken it upon itself to infiltrate private industries and labelled it a “last resort” effort to combat cyberattacks and ransomware threats. Moreover, the Bill has been severely tweaked to its previous legislation with overarching power and rushed without foresight. Major players such as Google, Atlassian, and Amazon have condemned the Bill as an unreasonable use of government power with severe risk of “unintended negative consequences”.

Do you believe the government should have this much power, even in the name of cybersecurity?