Cyber defense policies evolve in three of the Five Eyes.

At a glance.

  • Australian critical infrastructure protection policy evolves.
  • US Commerce Department restricts cyber exports.
  • Software Supply Chain Risk Management Act passes the US House.
  • UK established information assurance unit in the MoD.
  • Qualifications for the Cyber Safety Review Board.

Australia allows government intervention for cyberattacks on critical services.

The Guardian reports that Australia has approved new legislation requiring operators of critical services to report cyberattacks and, in extreme cases, allowing the government to take over their operations. As the ruling explains, its purpose is to permit the government to “provide assistance immediately prior, during or after a significant incident.” It also broadens the term “critical infrastructure” to include providers of food, energy, communications, financial services, higher education and research, and space technology, which together accounted for a quarter of all cyberattacks reported to the Australian Cyber Security Centre in the past year. Innovation Aus points out that last week the Australian Information Industry Association, backed by an international group of tech associations, penned a letter warning that the law could set a “troubling global precedent,” as it could force businesses to give the government access to internal systems and grant it excessive control over how these businesses operate. Home Affairs Minister Karen Andrews disagreed, stating, “If we don’t act now, we risk our cybersecurity falling further behind.”

Josh Brewton, vCISO at Cyvatar, finds it significant that the government will intervene when the operators’ responses are inadequate:

“It’s interesting that the Government are willing to step in when the response is deemed not adequate. Where is the line drawn? How will they define their triggers? How or who will be paying for the response if the ASD take control? Given the frequency of Cyber Attacks today I wonder how the cost of such a response would be dealt with. It could push smaller businesses over the edge. With a healthy bill from the government and the added financial, operational and reputational impacts from the attack itself.”

Saryu Nayyar, CEO of Gurucul, approves of the…