Australian Prime Minister Scott Morrison unveiled on Thursday a new cybersecurity strategy (pdf) to protect the countrys critical infrastructure against cyber-attacks. New legislation will be introduced to give law enforcement agencies powers to access the networks of companies deemed critical infrastructure to protect them against potential cyber-attacks.
The strategy says, “The Australian Government will ensure law enforcement agencies have appropriate legislative powers and technical capabilities to deter, disrupt and defeat the criminal exploitation of anonymizing technology and the dark web.”
These powers will “allow offensive disruption capabilities” and will empower “law enforcement to take the fight to the digital front door of those using anonymizing technology for evil purposes,” according to a joint statement by Morrison and Australias Minister of Home Affairs Peter Dutton.
To support the new strategy, Australia will spend A$1.67 billion ($1.2 billion) over the next 10 years, Morrison said.
The increased spending is intended to fortify critical infrastructure, boost police efforts to disrupt criminal activity on the dark web, and strengthen community awareness.
The Australian Signals Directorate (ASD)—a government intelligence agency focused on cybersecurity and cyberwarfare—received government funding in June to enhance its capabilities to identify and disrupt cyber threats, and the new strategy will direct more funding to “expand ASDs data science capabilities.”
The government will also invest in Australian universities to strengthen their cyber security and fund their cyber threat intelligence sharing network.
Companies will also be legally bound to ensure that their networks comply with cybersecurity standards.
The new strategy expands the list of industries that will be protected.
In 2018 the Australian Government introduced reforms to protect critical infrastructure sectors such as “the telecommunications sector and certain electricity, water, gas and port assets” against cyber threats.
The new strategy “will build on this foundation to include” other sectors critical to the Australian way of life.
“The Government will work with owners and operators of critical infrastructure to update legislation to ensure that critical infrastructure sectors deliver their essential services with security front of mind,” Dutton said in the joint statement.
“Agencies will be equipped to help address sophisticated threats, particularly to the essential services all Australians rely on—everything from electricity and water, to healthcare and groceries,” he added.
The banking sector will also be considered critical infrastructure, Dutton said at a press conference.
The strategy was developed in consultation (pdf) with a community and industry expert panel chaired by Andrew Penn, chief executive of Telstra—Australias largest mobile network provider.
Penn said that the new powers, which allow the government agency into the networks of critical infrastructure operators, were needed, but they should be done “with close and careful consultation” with industry, according to The Sydney Morning Telegraph.
Dutton told media that the new strategy will assist law enforcement agencies in countering terrorists, drug or human traffickers, pedophiles, and other criminals who operate on the dark web which allows them to remain anonymous, according to The National Digest.
Alastair MacGibbon, a former director in the ASD said the government agency would access networks to monitor and defend them, not “to spy,” reported The Sydney Morning Telegraph.
If the strategy gets implemented, Australian spy agencies could for the first time directly target specific Australian citizens.