Telstra boss talks down need for legislation in ransomware fight


The federal government ought to place a greater focus on “community awareness” in the fight against ransomware as the risk of attack continues to escalate, according to outgoing Telstra chief Andy Penn.

But Mr Penn, who chairs the government’s telco-heavy Industry Advisory Committee on Cyber Security, has stopped short of recommending legislation, despite urging the former government to adopt a “clear policy position”.

The committee made the recommendation in its annual update last year after observing that it was not clear to business whether paying ransomware gangs was illegal or what best practice was for incident reporting.

Penn: Community awareness is the best defence for ransomware.

The recommendation followed a spate of high-profile ransomware attacks including one that forced US pipeline operator Colonial Pipeline to proactively close down operations and freeze its IT systems.

The then government took on the advice shortly thereafter, releasing a ransomware action plan in October 2021 that sought to introduce tougher penalties for criminals and a mandatory incident reporting scheme.

But legislation that would have enacted tougher penalties lapsed at the dissolution of Parliament in April, and legislation for the mandatory ransomware incident reporting regime was never introduced.

The newly minted government is yet to detail its plans in this space, though it could form part of the country’s revised Cyber Security Strategy. A spokesperson from Home Affairs minister Claire O’Neil’s office has been contacted for comment.

In the previous term of government, Labor attempted to force the Coalition’s hand by introducing a bill that would require businesses and government to notify the Australian Cyber Security Centre before paying a ransomware gang.

During his address to the National Press Club on Tuesday, Mr Penn said ransomware remained a “major and escalating issue”, estimating that 80 per cent of Australian businesses had experienced an attack in 2021, up from 45 per cent in 2020.

Asked whether legislation was important to address ransomware risks and whether it should be an urgent consideration for the new government, Mr Penn said there…
