Labor has reintroduced the Ransomware Payments Bill 2021 in the Senate after the bill failed to progress the first time.
Businesses and government agencies will be required to notify the Australian Cyber Security Centre (ACSC) before making a ransomware payment in response to a cyber attack if the bill is passes.
The bill was first introduced in the House of Representatives by shadow assistant minister for cyber security Tim Watts in June, but it has not been debated in the two months since, despite the prevalence of ransomware attacks.
Labor has reintroduced the bill in the Senate as the government has “failed to bring [the bill] on for debate” since it was introduced, Kristina Keneally, shadow home affairs minister, outlined in a statement.
“[Home Affairs Minister Karen] Andrews says cyber security and ransomware are one of her highest priorities, but we’ve seen little in the way of action to reduce the onslaught of attacks,” Keneally said.
“That’s why Labor has been once again forced to show the leadership on cyber security that’s been missing since the election of this prime minister by introducing this bill in the senate.
"Labor would seek to work with the crossbench to secure support for the bill in the senate.”
Businesses and organisations would be expected to disclose key details of the attack, including the attacker and their cryptocurrency wallet details to the ACSC under the proposed legislation.
Labor reintroduced the notification scheme to the Federal Parliament, following a recommendation by US-based thinktank the Institute for Security and Technology and former director of the US Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs.
In May, Home Affairs boss Mike Pezzullo first raised the prospect of mandatory reporting requirements for organisations that are attacked or extorted by cyber criminals at Senate estimates, and the government’s own Cyber Security Advisory Committee, chaired by Telstra CEO Andrew Penn, recommended a clearer policy position on ransomware payments be developed just last month.
Reportedly, Minister Andrews is “already exploring” a mandatory reporting scheme, but believes that any scheme should be backed by public awareness campaigns.
The government has also been asked to review cyber insurance regimes to understand their efficacy in mitigating cyber attacks.
Nastasha is a Journalist at Momentum Media, she reports extensively across veterans issues, cyber security and geopolitics in the Indo-Pacific. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! 7 and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. She started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.