Australia to take 'long-overdue step' in cyber space

Cyber security standards for smart devices and mandatory ransomware reporting for particular businesses would be required under a package labelled a "long-overdue step" for Australia.

Cyber Security Minister Tony Burke will on Wednesday introduce legislation to the lower house that would give the nation its first stand-alone Cyber Security Act.

Under the package, the government will be empowered to direct companies and other entities to fix serious deficiencies within their risk management program.

The legislative package will implement seven areas under the 2023-2030 Australian Cyber Security Strategy.

This includes mandating minimum cyber security standards for smart devices, compulsory ransomware reporting for certain businesses which are yet to be decided on, to report ransom payments.

A Cyber Incident Review Board would also be set up under the changes.

The regulation of telecommunications security would be moved into the Security of Critical Infrastructure Act, and existing obligations for systems holding business-critical data would be further clarified.

Mr Burke said the government had to lead the way on cyber, but had worked extensively with business on the changes.

"The creation of a Cyber Security Act is a long-overdue step for our country, and reflects the government's deep concern and focus on these threats," he said.

"This legislation ensures we keep pace with emerging threats, positioning individuals and businesses better to respond to, and bounce back from cyber security threats.

"To achieve Australia's vision of being a world leader in cyber security by 2030, we need the unified effort of government, industry and the community."