
New Australian Cyber Law Requires Notification of Ransomware Payouts

Client Updates / December 31, 2024

Written by: Haim Ravia, Dotan Hammer

Australia has enacted a new law designed to improve cyber security for the country. The law addresses several key areas including mandatory security standards for internet-connectable products, ransomware reporting obligations, information sharing for significant cyber incidents, and the establishment of a Cyber Incident Review Board.

The law mandates security standards for relevant internet-connectable products. Manufacturers and suppliers of these products must comply with specified security standards. The law also imposes ransomware reporting obligations on certain entities that have made, or are aware of, a ransomware payment made to an entity seeking to benefit from a cyber security incident. Reporting business entities must report such payments to a designated body in Australia within 72 hours. Importantly, the information provided in a ransomware payment report cannot be used for civil or regulatory action against the entity.

The law provides for voluntary information sharing with the Australian National Cyber Security Coordinator in relation to significant cyber security incidents. The National Cyber Security Coordinator’s role is to lead the coordination and triaging of the government response to significant cyber security incidents. The law protects information provided to the National Cyber Security Coordinator by ensuring it is not admissible in evidence against the providing entity in legal proceedings.

Click here to read the Australian Cyber Security Act.
