On Wednesday 16th March, Narelle and Sophia represented our association at the Parliamentary Joint Committee on Intelligence and Security hearing that comprised several panels of stakeholders affected by the proposed bill. This hearing allowed industry representatives to provide feedback and raise concerns about the proposed federal government’s critical infrastructure cybersecurity obligations. This includes laws that could require organisations to install third-party software to gather information from their systems in the name of national security and report them to the government when the government deems them technically incapable of providing such systems information.
During the hearing, Narelle did a fantastic job representing member interests. She explained that technical systems go through a number of upgrades and revisions and that capabilities change, meaning that any requirement to install software on behalf of Home Affairs needs careful and ongoing security and interoperability testing. She further raised the concern that the legislation is unclear, very complex and very difficult to work through and raised a number of specific concerns about the data this software could capture. She expressed that we need to trust in the type of software that goes onto our systems and that we must be able to read the code, assess the code, test the code, and check interoperability and security before it is installed and at any time it is installed.
The hearing was an excellent opportunity to hear the different perspectives of various stakeholders. We hope the Parliamentary Joint Committee was able to gain enough industry insight for its review so that the inquiry can assist in constructing a Bill that is measured, effective and will improve our national security. If you would like to know more about the contents of the hearing, the transcript is available for download. So far, it seems the PJCIS has taken some of our views on board, so we live in hope the legislation will improve.