Australia plans tough laws on IT industry standards

Penalties for insecure systems and fines for poorly performing products form the linchpin of a submission to the Australian government seeking new laws to lift IT industry standards.

Companies that do not secure their systems and vendors who sell products that are not up to scratch are targeted under the proposed laws.

The get-tough legislation outlined in the submission has been drafted by Internet law specialists Deacons Lawyers and will be presented to the National Office for the Information Economy (NOIE), the Federal attorney general Daryl Williams and IT minister Richard Alston in March.

The submission is aimed at lifting Australia's e-security standards and calls for government to be more active by introducing civil laws to hit companies with financial penalties if "reasonable steps" are not taken to ensure systems are secure.

An IT manager, supporting the submission, welcomed the move and said it could put "a level of responsibility on the vendor's shoulder."

National Jet Systems Group IT manager Steve Tucker said the submission was reactionary, with the exception of financial penalties for vendors, which "would be good for users."

He said it is up to business to lift e-security standards rather than the government.

Deacons Lawyer Leif Gammertsfelder said formal processes need to be in place before the "big bang" security disaster occurs, not after the event.

"The Government is really abdicating responsibility in this area; we have laws for fence heights and dog ownership but not e-security which is fundamentally more important to the economy," Gammertsfelder said.

Gammertsfelder pointed to the situation in the U.S., where a raft of cyber security legislation has been introduced in the wake of September 11, including the Patriot Act, Cyber Security and Enhancement Act and Cybersecurity Preparedness Act.

The submission also calls for laws to enforce better products from software and hardware vendors and is seeking sanctions.

Gammertsfelder said fines could be introduced under the Trade Practices Act forcing vendors to prove "reasonable steps are taken to ensure products."

"Instead of getting caught up in IT technicalities, laws will put broad processes in place which form the key tenets in every standard around the globe," he said.

The Australian government was unwilling to comment until the submission had been received. However, a spokesman for NOIE said the government has accepted e-security responsibility at the highest levels, as demonstrated by the Prime Minister convening the business-government taskforce, which is scheduled to hold its first meeting in March.

"The Government is dealing with this issue and liaising with senior executives without public grandstanding in the press," the spokesman said.
