The Australian Department of Home Affairs has released a cyber security discussion paper for public consultation.
The paper is in response to recommendations made in the 2020 Cyber Security Strategy Industry Advisory Panel and seeks public views about approaches and initiatives proposed.
Three key areas of focus include:
Setting clear cyber security expectations such as greater use of cyber security governance standards targeted at large businesses and company boards, potentially including greater liability for directors, minimum enforceable security standards to protect personal information and mandatory baseline standards to improve the security of smart devices given the limitations of the voluntary IoT Code of Practice currently in place.
Increasing transparency and disclosure which includes initiatives on cyber security labelling for smart devices to allow consumers to better identify the level of security implemented on, and testing passed by, a device, responsible disclosure policies to facilitate faster and more efficient detection and patching of vulnerabilities and a small business cyber health check system that incentivises participation with a completion reward that can be used to market adequate cyber risk management.
Protecting consumer rights via direct legal remedies for consumers such as reforming the Australian Consumer Law to address impediments to incidents involving cover cyber security and introducing a direct right of action for privacy breaches under the Privacy Act.
The proposed cyber security policies are intended to uplift the cyber security of all digitally enabled businesses, and form part of Australia’s Cyber Security Strategy 2020. These reforms are an attempt for the Government to achieve its goal of being a leading digital economy by 2030.
Home Affairs Minister Karen Andrews said: "Cyber security is a shared responsibility between governments, businesses and the community and as a result the government is taking action to mitigate the real and present danger that cybercrime presents to Australians and our economy.
“I want to make sure Australian businesses – big and small – are secure and consumers are protected.
"We cannot allow this criminal activity to become a significant handbrake on our economic growth and digital security," she added.
A number of the initiatives if implemented will have significant implications on many businesses and directors.