New cyber security laws could result in critical data being sent overseas, the head of a major Australian data firm warns.
The Security of Critical Infrastructure bill, currently before federal parliament, would give cyber security agencies power to step in to corporate IT systems when there’s a major cyber attack that threatens to bring down vital infrastructure.
But the laws won’t apply to Australian data stored overseas.
“This has the potential to create a dangerous gap in which we lose control of our data,” the chief executive of Macquarie Telecom Group David Tudehope said.
He told AAP the bill actually creates a perverse incentive for companies to store important data offshore, to avoid extra regulation and the costs that come with it.
“Its absolutely critical for the nation to defend against a cyber attack,” he said.
“We believe it’s essential data is stored and secured in Australia.”
Australia’s existing privacy and telecommunications laws apply to organisations operating overseas, and he said the same is needed to combat the cyber threat.
The industries affected
The bill identifies 11 industries that would fall under the new laws, including communications, transport, banking, healthcare, and groceries.
As well as a tougher reporting regime, the laws would enable federal cyber detectives to reach into companies’ systems to detect hackers and foreign adversaries.
“A lot of companies have contracts that would make it difficult for them to accept government help, and this legislation would override that,” Mr Tudehope explained.
According to the head of the Australian Signals Directorate, the cyber threat is intensifying, with a 60 per cent increase in ransomware attacks over the past 12 months.
Rachel Noble fronted a parliamentary committee on cyber security in June and said healthcare systems have been a significant target.
“The vast majority of the attacks over the past year that ASD is aware of are focused on critical infrastructure sectors or systems of national significance,” she said.
She gave evidence that Australian companies including JBC, Toll Group and Nine had already been hit by “catastrophic” attacks.
On some estimates, a significant cyber attack on Australia could cost $30 billion and 160,000 or more jobs.
Macquarie Telecom runs five data centres in Australia, and earlier in July announced it would build its biggest-ever storage centre in Sydney at an initial cost of $78 million.