Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of LawTeacher.
Cyberspace is a rapidly growing part of the digital era and is increasingly prone to cyber attacks involving data breaches and cyber theft. Organisations in this competitive environment do not want to make the front-page headlines of a leading newspaper because of a cyber breach. To be proactive in this context, one needs to build a defensive layer of security controls, which requires a large investment that depends on the size and depth of the controls and varies from organisation to organisation. Most organisations treat security implementation as a cost centre rather than a business enabler, which puts them on the path to security breaches that result in loss of reputation, revenue and business, and in legal consequences. So rather than spending huge sums on security models, an organisation should maintain balanced compliance with the legal security frameworks, which gives the business confidence and minimises cyber-chain risks (Sans.org, 2018).
This article gives a brief description of the various laws related to data security and breaches in Australia and their evolution. It also highlights some of the state and federal requirements of Australian government to which organisations are subject.
AUSTRALIAN CYBERCRIME PROTECTION
1. ACORN: The Australian government has set up an online reporting network, drawing on consumer intelligence, for reporting any cybercrime or new threat that affects Australians. It is an agency that delivers the national plan to combat cybercrime. It provides online resilience against cybercrime by letting the public and organisations report cybercrime securely online. It acts as a grouping of national agencies and territory governments.
2. ACSC: The Australian Cyber Security Centre defines various frameworks and guidelines for protecting an organisation's assets against risks and threats. It gives industries enterprise risk management assurance and a public-private hub for information sharing. It responds to cyber threats through CERT (the computer emergency and response team). It works together with government, industry and Australians to maximise cybercrime awareness. It works collectively with the Department of Home Affairs whenever a new government policy against cybercrime is being drawn up.
LEGAL, LEGISLATIVE AND REGULATORY ENVIRONMENT
A set of guidelines is provided by the federal government for analysing an organisation and its compliance with the laws in force in Australia. The Australian Cyber Security Centre (ACSC) sets out a legal framework that the private and public sectors need to follow first and foremost.
|AUSTRALIAN PRIVACY PRINCIPLES (APP)||Part of an amendment to the Privacy Act 1983 that forms a set of APPs applying both to the federal government and to private organisations whose turnover exceeds $3 million. Most states have their own data protection acts that apply to private organisations and state government agencies. Various amendments are: 1. Privacy and Data Protection Act (2014), Victoria; 2. Privacy and Data Protection Act 1998, New South Wales; 3. Privacy and Information Act 2009, Queensland; 4. Personal Information Privacy Act 2004, Tasmania; 5. Information Privacy Act 2014, Australian Capital Territory; 6. Information Act 2002, Northern Territory.|
|CYBERCRIME ACT||Covers computer and internet-related offences such as unlawful access and impeding access to a computer, computer-related fraud, cyber stalking and child pornography. It relates to the integrity of electronic communication and electronically stored data. It was amended on 1st March 2013 and establishes a framework for Australian accession to the Council of Europe Convention on Cybercrime, working in collaboration with the Mutual Assistance in Criminal Matters Act 1987 (Cth), the Criminal Act 1914 (Cth), the Criminal Code and the Telecommunication Act 1979; offences under cybercrime bill 477.1 relate to unauthorised access, modification of restricted data, supply of restricted data held on credit cards and so forth.|
|SPAM ACT (2003)||A scheme for regulating commercial emails and other types of electronic messages that restricts unauthorised messages, with some exemptions. It is regulated by the Australian Communications and Media Authority. It fines non-compliant firms up to 1.1 million dollars (Acma.gov.au, 2018). Voice calls and fax messages are not covered by the Australian media authority and are managed by the “do not call register”. All messages should follow the consent, identifier and unsubscribe policies listed in this act.|
|TELECOMMUNICATION ACT, 1997 (Interception and access)||Its primary objective is to protect the privacy of individuals who use Australian telecommunication systems for real-time communications. It was amended by another law on 13 March 2015, through which (Alrc.gov.au, 2018) various agencies can access real-time traffic after obtaining a warrant from a court. Under this law, metadata plays an important role for national security agencies. Metadata includes telephone calls, website access and geolocation details. It works in collaboration with the APPs.|
|Cyber terrorism conventions||ASIO responds to increased cyber threats and essentially acts as an advisor for improving national security by combating cyber terrorism with cyber security principles. This includes various laws: 1. Security Legislation Amendment (Terrorism) Act 2002; 2. Suppression of the Financing of Terrorism Act 2002 (Cth); 3. Criminal Code Amendment (Suppression of Terrorist Bombings) Act 2002 (Cth); 4. Cybercrime bill 2012.|
Other Legislative Acts
These apply to government and private organisations, and their details can be accessed on comlaw.gov.in
|REFERENCE ACTS||CYBERSECURITY CONSIDERATIONS|
|Australian security||Establishes ASIO frameworks and powers. It includes the online reporting networks set up by ACORN (Australian online reporting network) and ACSC. It includes victims of cybercrime, which can be Australian police agencies, criminal intelligence, media authorities, the Attorney-General's Department, the Children's e-Safety Commissioner and the Australian consumer commission.|
|Intelligence organisation||Provision for computer access and security|
|ASIO Act 1979||Assessment, listening and tracking by monitoring devices (Asio.gov.au, 2018).|
|Crime Act, 1914||Relates to offences against state legislation|
|Electronic Transaction Act, 1995||Relates to electronic transactions|
|Intelligence Services Act||Provides judicial support for the Australian Secret Intelligence Service and the Australian Signals Directorate, and grants powers to Australian secret intelligence organisations|
CODE OF CONDUCT (GUIDELINES)
A specified set of standards, agreed by signatories, that provides better consumer protection and minimises the risk of threats.
- Guidelines for utilities: These highlight the guidelines specified in ISO 27001, 27002, 27019 and NIST SP for security control systems.
- Guidelines for federal agencies: These give a set of rules for compliance with the protective security framework to protect Australian citizens overseas and in their home country. Information and communication technology is protected by the Australian Signals Directorate. States follow their own security management frameworks (ISM).
- Guidelines for banking industry: Cybersecurity guidelines are implemented by the Australian securities and investment corporations. SIC applies to the Australian stock exchange under the various guidelines listed in PPG 234 (cryptographic controls), CPG 235 (managing data risk and governance) and the Australian Financial Service Licence (ASFL) for maintaining client records and IT systems security.
- Guidelines for internet service providers: The Data Retention Act and the I codes (industry codes) issued by the Internet Industry Association, which encourage a cybersecurity culture among Australian ISPs and customers.
MAJOR CHALLENGES FOR ESTABLISHING LEGAL ENVIRONMENTS
Although there are many laws and collaborative guidelines that can ensure cyber security in this context, cybercrime is still increasing at a much faster rate than the rate at which laws are being enacted and amended. Some of the challenges along this path are:
1. ESTABLISHING INTERNATIONAL LEGAL FRAMEWORK:
The first element in building an international framework is cyber terrorism: the signing of international agreements and the acceptance of a set of agreed definitions and terminology related to cyber crime and defence. The United Nations has developed 14 conventions and 4 amendments against international terrorism, but they are not universally accepted and each country follows its own federal rules and laws. The international community addressed this issue with the creation of the United Counter Terrorism Committee Executive Directorate (CTED) in 2010, which stated a definition of cyber terrorism, but the definition is not clear at state and domestic level. Various laws, supported by criminal cases, provide rules and guidelines against cyber crime within Australian territory, but a major concern is cyber crime carried out by criminals overseas in countries that have no signed treaty with Australia. The lack of strong international laws against cybercrime lets criminals flourish rapidly in borderless environments and leads to a lack of coordination among law authorities and foreign policies. Law agencies are also limited in resources and in personnel trained in terrorism. Cyber terrorism is a legal issue, but coordinated international action is the only way to tackle it. It demands strong cooperation between industries and government agencies.
To create an effective framework, existing treaties and conventions must expand to more territories. Guidelines should be implemented that include mutual connections and information sharing between enforcement agencies. Any delay will signal to cyber criminals that governments and international agencies have limited capacity to deal with it.
2. DELAY IN ENACTMENT OF LAWS:
The enactment of laws takes various factors into account in different countries. Because of this, the creation of ratified laws is often delayed. The disparity between technological advances and their ramifications in legal processes leads to more and more threats in ever-growing social networks.
3. LIMITATIONS IN SCOPE OF APPLICATIONS: The absence of legal procedures on certain aspects makes it difficult for investigating agencies to gain access to information and private data.
4. LACK OF TRUST BETWEEN VARIOUS SECTORS: Various public and private sectors do not connect with each other or comply with the legislative framework, which gives criminals enough space to attack one through another.
5. CONFLICTS OF LAWS AND BASIC PRINCIPLES: Blended laws that can be applied within state and political boundaries are largely lacking in Australia. Some laws give rights over proprietary information, while others lead to violations of human rights. Some laws can be implemented only at state level and others only at national level. Moreover, we lack mutually agreed treaties that can be implemented so that a proper legal process can be carried out across international boundaries as well. For example, the EU-US Privacy Shield protects the personal data of EU people if it is transferred to the US, but it does not take other countries into account.
A new law has been passed in Australia this month. Encryption acts like a key to the door of protected information, but it has had negative consequences, as law enforcement agencies are sometimes unable to access messages and protected data sent by attackers. This law forcibly imposes backdoors on big companies, through which various investigating agencies can have direct access to all data and the metadata and credentials concerned. Australia looked at this issue after the hearing of the FBI against Apple, in which Apple's request regarding encryption was heard and the request denied. The new law has produced a list of pros and cons and a conflict of views, as it affects large social networking companies like Facebook and WhatsApp to a great extent:
- Leads to systemic weakness in traffic going through communications (Tech.slashdot.org, 2018).
- Legal implications for signed treaties and violations of rules in other countries
- Affects companies in global markets
These are all views of senior executives; the remaining effects will be seen as time goes on (Anon, 2018)(Anon, 2018).
CURRENT CYBERCRIME STATE:
- MALWARE AND MALWARE ATTACKS: More organisations are now being attacked by criminals with ransomware delivered through phishing attacks. This is simply due to a lack of compliance and of legal process for imposing security standards on the way advertisement networks are set up. It also reflects a lack of awareness among government and private industry employees, who often become victims of attractive emails.
- POLITICAL ATTACKS THROUGH SOCIAL NETWORKS: These are not active attacks, but they result in a disturbance of social peace as people belonging to political parties openly participate in debate and exercise their freedom of expression and thought towards each other on social sites like Twitter.
- ATTACK TOWARDS COUNTRIES' DEFENSIVE CONTROLS: Countries are being attacked by cyber terrorists, which can lead to serious physical damage if not controlled and delayed. International conflict of laws is a major hurdle to setting up and following a legislative framework.
- CYBER BULLYING: Many cases have been heard in which children are the major victims of these attacks, which have even led to their suicide. Many laws have been enacted against cyber stalking, along with the Children Act 2005, but there are still major loopholes that need to be addressed (Anon, 2018).
- Sans.org. (2018). SANS Institute: Reading Room – Legal Issues. [online] Available at: https://www.sans.org/reading-room/whitepapers/legal/concise-guide-australian-laws-related-privacy-cybersecurity-domains-36072 [Accessed 16 Dec. 2018].
- Acma.gov.au. (2018). Key elements of the Spam Act | ACMA. [online] Available at: https://www.acma.gov.au/Industry/Marketers/Anti-Spam/Ensuring-you-dont-spam/key-elements-of-the-spam-act-ensuring-you-dont-spam-i-acma [Accessed 16 Dec. 2018].
- Alrc.gov.au. (2018). Telecommunications Act 1997 (Cth) | ALRC. [online] Available at: https://www.alrc.gov.au/publications/71.%20Telecommunications%20Act/telecommunications-act-1997-cth [Accessed 16 Dec. 2018].
- Asio.gov.au. (2018). Australian Security Intelligence Organisation |. [online] Available at: https://www.asio.gov.au/ [Accessed 16 Dec. 2018].
- Anon, (2018). [online] Available at: https://www.upwork.com/hiring/development/trends-in-cyber-security-threats-and-how-to-prevent-them/ [Accessed 16 Dec. 2018].
- Tech.slashdot.org. (2018). Australia Passes Anti-Encryption Laws [Update] – Slashdot. [online] Available at: https://tech.slashdot.org/story/18/12/06/0358200/australia-passes-anti-encryption-laws-update [Accessed 16 Dec. 2018].
- Anon, (2018). [online] Available at: https://www.gizmodo.com.au/2018/12/the-internet-reacts-to-australias-anti-encryption-bill/ [Accessed 16 Dec. 2018].
- TheSpec.com. (2018). Al-Anon on December 18,2018 | TheSpec.com. [online] Available at: https://www.thespec.com/events/8340671-669069-al-anon/ [Accessed 16 Dec. 2018].