The federal government is considering making the tech sector bear more liability for insecure products, according to cyber security minister Clare O’Neil.
O’Neil yesterday delivered a keynote to the Australian Information Security Association’s Cyber Conference, and said too much risk is borne by the community.
She said the government and the Andy Penn-led expert advisory board putting together the government’s next cyber security strategy want to change that.
Measures under consideration “with the support of the expert advisory board” include “creating a legislative framework to shift cyber security risks away from our most vulnerable members of the community towards those who are best placed to manage it, including software and cyber security service providers, telecommunications firms and technology developers”, she said.
O’Neil also flagged support for businesses to improve cyber security, along with educating them “to understand that cyber security and trust is a competitive advantage”, and continuing to build the infosec workforce in government and the private sector.
The aim, O’Neil said, is to raise the cost of cyber crime.
The minister also used the speech to acknowledge criticisms that have emerged from industry roundtables conducted by the expert group.
The government, she said, needs to be a “cyber security exemplar” and improve its information sharing on threats and incidents.
“Businesses do not feel that their cyber security obligations are clear or easy enough to follow,” she said, adding that industry responsibilities should be better aligned “so that cyber risks are managed by those best-placed to do so.”