‘We will change that’: Telstra, Optus on notice

Question Time
A rebooted cyber strategy will be a ‘game changer’ for Australia, according to the Home Affairs Minister. Picture: Martin Ollman/NCA NewsWire.

Telstra and Optus will be forced to “take responsibility” and assist authorities in detecting oncoming cyber attacks under a revamped plan to deal with a national rise in cybercrime.

Home Affairs Minister Clare O’Neil said the federal government would enforce stringent new regulations on businesses and partner with telecommunications giants to help monitor traffic to identify indicators of compromise.

It comes as the federal government launched its $600m cyber security strategy on Wednesday to bolster critical infrastructure, individuals and businesses against escalating threats of cybercrime.

“One of the underlying ideas in the cyber strategy is to stop leaving small businesses and citizens on their own and to force the big players in our economy to take responsibility for this problem and oblige them to protect their customers,” Ms O’Neil told RN earlier.

“There’s probably no part of the private sector that is more equipped to help us nationally deal with the problem of cybercrime and yet we have paltry requirements on telcos at the moment to care for cyber security, and we will change that.”

Optus Reels From Multiple Tech Problems As CEO Steps Down
Optus was targeted in one of the nation’s largest cybersecurity breaches in 2022. Picture: Lisa Maree Williams/Getty Images.

Nearly 94,000 reports of cybercrime were made to law enforcement agencies by individuals and businesses in 2023, an increase of 23 per cent from the previous financial year.

It came off the back of a series of major breaches in 2022, that saw tens of millions of people have their personal information leaked online after Optus and Medibank’s customer databases were targeted by hackers.

Under its new plan the government will establish a mandatory reporting scheme requiring businesses to report ransomware attacks and payments, to curb concerns that companies are withholding information about hacks to avoid losing customers.

Businesses will also be banned from making ransom payments to cybercriminals and face limits on hoarding customer information, with a review to assess any “unnecessary risk” of holding onto significant volumes of data for longer than needed.

Ms O’Neil said an outright ban on ransomware payments will be rolled over the next two years to allow the government to scope a clearer picture of the issue.

“We’ve got data flying around the country, we’ve got cyber attacks on major pieces of infrastructure and we’ve got citizen businesses who keep saying to me that they feel really alone in this challenge and unnecessarily vulnerable,” she said.

“So the cyber strategy that the government is releasing today is not just a big vision document about what the world might look like in 2030. It is a very specific set of tangible things that the government will do to change the game for our country.”