Year In Review: Australia Expands Cyber Regulation

2024 Marked the Government’s Increasing Role Mandating Cybersecurity

[Jayant Chakravarti](https://www.govinfosecurity.com/authors/jayant-chakravarti-i-5635) ([@JayJay_Tech](https://www.twitter.com/@JayJay_Tech)) • December 26, 2024

![Year In Review: Australia Expands Cyber Regulation](https://130e178e8f8ba617604b-8aedd782b7d22cfe0d1146da69a52436.ssl.cf1.rackcdn.com/year-in-review-australia-expands-cyber-regulation-image_large-10-a-27159.jpg)

Inside Parliament in Canberra, Australia. (Image: Shutterstock)

Australia announced a flurry of cybersecurity legislation and regulations in 2024, spotlighting the government’s intent to fortify the nation’s cybersecurity in the wake of the Medibank and Optus data breach incidents.

The Australian Parliament approved the Cyber Security Act in late November, a core component of the government’s cybersecurity legislative package intended to strengthen the government’s powers to monitor cybersecurity threats, build resilience and eradicate vulnerabilities in smart devices.
Australia’s Labor government vowed in 2022 to transform the country into the world’s ‘most cyber-secure’ by 2030 following back-to-back cyber incidents at [private health insurer Medibank](/medibank-to-spend-au126-on-post-breach-security-uplift-plan-a-26129) and [telecommunications provider Optus](/court-orders-optus-to-release-data-breach-report-to-lawyers-a-25331) (see: [*Australia Aims to Be World’s ‘Most Cyber-Secure’ Country*](/australian-aims-to-be-worlds-most-cyber-secure-country-a-20677)).

The act requires certain sectors to report ransomware payments and empowers the government to set mandatory cybersecurity standards for smart devices.

A week before the Cyber Security Act passed both houses of the Parliament, the government announced its intent to ban users younger than 16 from accessing social media platforms, a move that evoked harsh criticism nationwide, with critics calling the blanket ban ‘too blunt an instrument to address risks effectively’ and questioning how the ban will be enforced.

The government has also introduced several mandatory regulations over the course of the year, including the financial regulator telling banks, financial services and insurance providers to undergo cybersecurity assessments, the government expanding the list of services that fall under the definition of critical infrastructure, and unveiling a digital ID scheme that has raised data privacy concerns.

The government has justified its intent to strongly regulate critical infrastructure and the financial sector, citing perpetual cyberespionage activities conducted by nation-state actors to steal intellectual property and trade secrets from Australian organizations.
In July, the Australian Cyber Security Center said a Chinese state-backed cyberespionage group, tracked as APT40, conducted cyberespionage campaigns against government and private organizations to steal sensitive information and surveil its victims.

### Lax Cybersecurity Controls and Processes

An audit by the Australian National Audit Office found that government organizations, such as the Australian Transaction Reports and Analysis Center and Services Australia, displayed middling capability in designing and implementing incident management procedures or implementing effective incident management recovery practices to mitigate disruptions to operations.

The government amended the Security of Critical Infrastructure Act 2018 in November to give itself powers to categorize certain data storage systems as critical infrastructure assets and require their owners to apply critical infrastructure regulations to the assets.

The Australian Cyber and Infrastructure Security Center in November also [designated](https://minister.homeaffairs.gov.au/TonyBurke/Pages/protecting-australias-critical-infrastructure.aspx) 46 additional critical infrastructure assets as ‘systems of national significance,’ taking the total count of such assets to more than 200 systems across critical infrastructure sectors.

Operators of the designated systems must apply cybersecurity controls, conduct exercises and assessments and share information with federal cybersecurity agencies to ensure continuous monitoring and management of such assets.

#### [Jayant Chakravarti](https://www.govinfosecurity.com/authors/jayant-chakravarti-i-5635)

*Senior Editor, APAC*

Chakravarti covers cybersecurity developments in the Asia-Pacific region.
He has been writing about technology since 2014, including for Ziff Davis.


Blog: GovInfoSecurity
