Labor has launched a tactical maneuver to pressure the government to take further action on ransomware, following the Morrison Government’s refusal to debate Labor’s earlier bill.
The move could provide cyber security firms with an opportunity to have their say on this growing problem and may lead to requirements for a ransomware reporting system.
A Private Senators Bill was introduced into the Senate by Labor Shadow Minister for Home Affairs, Senator Kristina Keneally, on 12 August. The Bill proposes that Australian organisations must inform the Australian Cyber Security Centre (ACSC) before making a ransom payment.
At a minimum, such an obligation could require a case management system and a digital notification capability.
As proposed by the Bill, the ACSC would collect ‘actionable threat intelligence,’ such as the identity of the attacker (if known), the details of cryptocurrency wallets for payment, the ransom amount demanded, and any indications of system compromises.
Small businesses with turnover under $10 million would be excluded from the scheme.
The Morrison Government refused to debate Labor’s previous Bill when it was introduced in the House of Representatives, so the Opposition has introduced it in the Senate, where it hopes to attract the support of crossbench senators.
With the status of the bill changing to a Private Senators Bill, there is now a distinct chance of further debate and public consultations.
With the support of crossbench senators, it could be referred to the Senate Legal and Constitutional Affairs Legislation Committee, where cyber security firms, experts and other interested parties can make submissions to provide their views on the draft.
In mid-July, the Morrison Government’s own Cyber Security Advisory Committee, chaired by Telstra CEO Andrew Penn, recommended the development of “a clearer policy position on the payment of ransoms” in its annual report.