Legislation that formally obliges telecommunications to protect their networks from a range of threats such as has passed the House of Representatives with bipartisan support.
The legislation made its way through the Senate in August.
The Telecommunications and Other Legislation Amendment Bill 2016 implements the government’s Telecommunications Sector Security Reforms (TSSR) program.
In addition to protecting their networks, telcos are compelled to inform the government of changes to their infrastructure they are planning that could have an impact on its security.
The new regime also grants the government the power to issue directions to telcos “to do, or to refrain from doing, a specified act or thing within the period specified in the direction”.
Passage of the legislation follows the government agreeing to the recommendations of an inquiry staged by parliament’s Joint Committee on Intelligence and Security (PJCIS).
As part of its response to the inquiry, the government has agreed to release a range of guidance to help telcos understand their new obligations before the new regime kicks in 12 months after receiving royal assent.
“These reforms have been subject to extensive consultation over the past four years. Industry feedback through this process has shaped the detail of the proposed reforms,” justice minister Michael Keenan said during his second reading speech yesterday.
“In particular, a number of key amendments have been made to the bill following the release of two exposure drafts for public consultation in mid and late 2015.”
“Strong industry government partnerships are critical to managing these threats and securing our most important systems,” the minister said.
“This bill will formalise the relationship between industry and government and ensure consistency, transparency and proper accountability for all parts of the telecommunications industry.
“It will provide clarity around government's expectations on how national security risks to telecommunications networks are to be managed, and will provide more proportionate mechanisms for managing these risks.”
The legislation does not take a prescriptive approach, the minister said.
“Rapid changes in technology and service delivery mean a prescriptive approach would simply not be possible,” Keenan said.
Although the government’s changes to the bill since its initial exposure draft have been welcomed by industry groups, a joint submission to the PJCIS inquiry by the Australian Industry Group, the Australian Information Industry Association, the Australian Mobile Telecommunications Association, and Communications Alliance argued the legislation remained “onerous in terms of regulatory overhead and compliance risk”.