Image: Asha Barbaschow/ZDNet
Macquarie Telecom has labelled Australia’s critical infrastructure reforms as “watered down”, warning that many data storage or processing service providers may be able to avoid regulation due to the reforms’ primary focus on “business-critical data”.
“This is a significant and dangerous reduction in the scope of [Australia’s critical infrastructure laws] because business-critical data does not describe the type of information that is most commonly held by government departments and agencies nor what is crucial to the functioning of government,” the Australian cloud and data storage provider said.
Macquarie Telecom’s remarks were made to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which is currently reviewing the latest critical infrastructure reforms that were introduced into Parliament last month.
The reforms have so far come in the form of two pieces of legislation; the first became law in December to give government “last resort” powers to direct a critical infrastructure entity on how to intervene against cyber attacks; the second piece of legislation, which is what Macquarie Telecom has flagged as requiring amendments, looks to add requirements for critical infrastructure entities to have risk management programs in place and entities deemed “most important to the nation” to adhere to enhanced cybersecurity obligations.