Feds finalise telco security bill review


This January, the Federal government will finalise industry-wide consultations involving widely-debated amendments to telecommunications security laws.

The Australian government is finalising industry-wide consultations that lay the groundwork for changes to the telecommunications security laws. The final consultation is due in January, following on from a second exposure draft that was released on 27th November by the Attorney-General George Brandis and Minister for Communications and the Arts, Mitch Fifield.

Additional feedback is being sought on the Commonwealth’s Telecommunications and Other Legislation Amendment Bill. The November revised draft offers a revised explanatory memorandum, together with draft industry guidelines. It incorporates widespread feedback received during 2015 on the structure and composition of telco security laws.

Proposed amendments impact the way security is managed by telcos, internet service providers or carriers. There are ramifications around privacy, metadata, and information-sharing arrangements between industry and government.

Amendments to the Telecommunications Act (1997) seek to strengthen the current framework to manage national security risks across telecommunications networks. National security risks are categorised as espionage, sabotage, and foreign interference. These may arise across the global supply chain for telecommunications equipment, services, or the outsourcing of sensitive network management functions.

Among the canvassed reforms, the Commonwealth is tightening its handling of security risks involving domestic and international networks or communications platforms. The administration wants to protect the availability and integrity of telecommunications networks and systems. This incorporates the confidentiality of information that may be stored or carried on networks and interconnected systems.

Plans are underway to formalise and enhance existing information-sharing arrangements and relationships between government and telecommunications carriers and carriage service providers (C/CSPs). These are designed to ensure greater consistency, transparency and accountability in managing national security risks.

Planned safeguards place a “security obligation” on telcos and carriers. This requires them to do their best to protect networks from unauthorised access and interference. Moreover, carriers and some carriage service providers will need to notify security agencies of planned key changes to networks. This includes services that could compromise their ability to comply with the “security obligation.”

Moves are underway to expand the operation of existing civil enforcement mechanisms in the Telecommunications Act. These are designed to address non-compliance with the “security obligation,” as well as notification requirements, information requests and directions. Additional safeguards protect the confidentiality of commercially-sensitive information that is obtained by exercising expanded information-gathering powers. These incorporate “de-identifying company information” where information is shared outside of the Australian Government.

The implementation timeframe is being increased from six months to 12 months from Royal Assent. The proposed legislation continues to reflect the approach that was recommended by the Parliamentary Joint Committee on Intelligence and Security in 2013. Submissions on the Bill are being collated by the Cyber and Identity Security Policy Branch at the Attorney-General’s Department.