MacTel warns critical infrastructure reforms create gaps in government data protection
Australia’s Macquarie Telecom has labelled its critical infrastructure as inadequate, warning that data storage and processing service providers may be capable of avoiding regulations due to emphasis on data deemed business-critical. Many of Australia’s recent reform efforts have focused on this type of data and its security, however, other sensitive or personally identifiable information may be at risk. MacTel warned that the reduction in the scope of Australia’s critical infrastructure laws is dangerous as it does not describe information typically held by government departments and agencies.
MacTel delivered several remarks to the Parliamentary Joint Committee on Intelligence and Security in an attempt to convince it to adapt reforms introduced into the Parliament last month. The reforms focus primarily on critical infrastructure. Recent reforms have taken place in two different pieces of legislation, with the first being enacted into law in December. The reform allows the government powers to direct a critical infrastructure entity on how to defend against cyberattacks. The second, which is currently in review, seeks to add requirements for the same entities to have risk management programs in place. The latter applies to organizations deemed most important to the nation, and therefore may not apply to data storage providers.