Tech Giants Say Government Response to Computer Crashes ‘Unworkable’

A coalition of global tech companies has expressed concern over planned “last resort” powers that would allow the federal government to intervene to contain a cyberattack on critical infrastructure.

A letter [pdf] three industry bodies, including the US-based Information Technology Industry Council and the Australian Information Industry Association, comes after a parliamentary committee recommended that the powers be “quickly legislated”.

Industry bodies claim to represent some of the world’s largest technology companies, including Google, Apple, Amazon, Facebook, Microsoft, IBM, Salesforce, Cisco, Dell, Oracle, Intel, SAP, VMware, AMD, HPE, and Accenture.

“Our members share the Australian government’s commitment to protect Australians and Australia’s critical infrastructure from cyber threats,” reads the letter to Home Secretary Karen Andrews.

“However, the [Security Legislation Amendment (Critical Infrastructure) Bill 2020] remains very problematic and largely unchanged despite the many feedback from our organizations.

“Without meaningful revision, the bill will create an unworkable set of obligations and set a troubling global precedent.”

Industry bodies, which also include the Cyber ​​Security Coalition, have expressed disappointment that the Joint Parliamentary Committee on Intelligence and Security recommended rushing into Part 3A of the bill.

Part 3A will establish a regime for the government to respond to serious cyber incidents that impact critical infrastructure, which includes areas such as communications, data storage or processing, and financial services.

Industry bodies said the credentials “caused the most concern for the industry,” as highlighted earlier this year by Google and Amazon Web Services, and urged the government to reject the recommendation.

“As drafted, Part 3A of the bill gives the Australian government powers of information gathering, direction and intervention that are not subject to due process, which would normally allow entities concerned to appeal or have these decisions reviewed independently, ”the letter said. .

“While the government says this power is only intended as a measure of last resort to deal with ‘cybersecurity incidents’, the bill gives the government unprecedented and far-reaching powers, which may have impact on the networks, systems and customers of international entities and should be subject to a mechanism of judicial oversight and oversight prescribed by law.

Industry bodies have also recommended that a mandatory cyber incident reporting deadline be extended to at least 72 hours, as the current 12 hour deadline “diverges from global best practices and will hamper our ability to really focus on incidents. reviews ”.

The requirement to report “impending” cyber incidents should also be removed from the bill, the agencies said, as the government would likely be “inundated with data” from businesses if this were introduced.

“We reiterate once again our demand that the government immediately reconsider its proposed course on these two issues and respond to the important concerns raised by the industry,” said industry bodies.

“Our member companies prioritize cybersecurity, both within our own businesses and for our customers, and we support the Australian government’s goal of improving cybersecurity in Australia.

“However, these two proposals would fall short of that goal, have significant unintended consequences that would reduce security in practice and set dangerous global precedents.”

Source link

About Tammy Diaz

Check Also

500 million Avira Antivirus users introduced to cryptomining – Krebs on Security

Many readers have been surprised recently to learn that the popular Norton 360 The antivirus …

Leave a Reply

Your email address will not be published. Required fields are marked *