Gridware’s security roundup is back once more to cover the past month’s biggest security events. From laws to Lego, there was something for everyone in September’s information security news.
Proposed Cyber Legislation Cops Widespread Criticism
In August, a draft of the Assistance and Access bill was published. It proposed to give law enforcement agencies stronger powers for dealing with online communication and its service providers. Outcry from the industry began straight away, but as the period for public comment drew to a close, weightier conglomerates began to throw in their criticism as well.
Australian industry bodies expressed their worries about the ambiguity of the bill, and how it could lead to communication providers being forced to violate the privacy and security of their customers.
In a joint statement between the Australian Mobile Telecommunication Association, the Australian Information Industry Association and the Communications Alliance (which represents companies such as Huawei, Nokia, Telstra and Optus), the bodies warned that under the bill, “Agencies could oblige a device manufacturer to preload (and then to conceal) tracking or screen capture software (spyware) on commercial handsets which could be activated remotely”.
A group of international organisations including Apple, Google, Microsoft, the Electronic Frontier Foundation and many more, also expressed their concerns. In a jointly submitted commentary, they expressed similar fears over the bill’s ambiguity, in which one section stated that communication providers “must not be required to implement or build a systemic weakness or systemic vulnerability”.
Despite this, the commentary contends that the compulsory requests covered elsewhere in the bill have a lack of oversight, as well as definitions that are too broad. They worry that the broadness of the bill could result in authorities forcing communications providers to weaken privacy and security measures, which would have global repercussions.
The public comment period has now closed and the bill has been sent to the Parliamentary Joint Committee on Intelligence and Security for review. Whether it gets passed as is, revised or scrapped is up in the air, especially considering just how strong the opposition from the industry has been.
NSW Launches New Cyber Security Strategy
On the 28th of September, the NSW government published its new cyber security strategy. The cyber security imperative aims to provide “an integrated approach to preventing and responding to cyber security threats across NSW, safeguarding our information, assets, services and citizens.”
The strategy will lead to the creation of a cyber incident reporting scheme, security training for government employees as well as inter-agency information sharing. The government will also focus on refining cyber security terms, developing a more cyber-aware culture, introducing security-by-design and a range of other initiatives.
The DHS Hosts Its Second Annual Cyber War Games
In lighter news, the Department of Human Services (DHS) hosted a conference for more than 70 government and private sector security employees. Their mission? To protect Shell Cove–a Lego stand-in for an Australian city–from cyber attacks.
Despite the playful atmosphere, the event had a serious purpose. With the increase in number and severity of cyber attacks, the conference aimed to enhance collaboration between the private and public sector in order to help protect the nation.
If you have something bigger than a Lego city that needs to be defended, contact us at Gridware. We have the expertise and resources needed to minimise the risks your business faces, helping to protect you now and in the future.