In introducing the Cyber Security Bill on 9 October 2024, the Honorable Tony Burke MP explained that the Bill addresses whole-of-economy cybersecurity issues and positions the government to respond to new and emerging threats, including the ability to counter ransomware and cyber extortion. The key measures of the Cyber Security Act 2024 include:
- Mandatory 72-hour reporting obligation for entities that receive a ransomware demand and make a payment in connection with that cyber security incident.
- ‘Limited use’ obligation restricting information provided to the National Cyber Security Coordinator (NCSC) during a cyber incident from being passed on to another Commonwealth body for investigation or enforcement not related to the Bill.
- Establishing a Cyber Incident Review Board (CIRB) to conduct no-fault post-incident reviews of significant cyber security incidents. The Board is modelled on similar bodies, including the U.S. Cyber Safety Review Board, and will also make recommendations for both government and organisations to enhance Australia’s cyber resilience.
- Enabling the government to establish mandatory security standards for smart devices. The aim is to bring Australia into line with international best practice and enhance consumer security, such as prohibiting universal default passwords on smart devices.