Today's Topics:
1. The new Aussie cyber security laws (Stephen Loosley)
2. Re: "What's Doomscrolling really costing you?" (Harry McNally)
3. OT: Re: "What's Doomscrolling really costing you?" (Roger Clarke)
4. Re: The new Aussie cyber security laws (Roger Clarke)
----------------------------------------------------------------------
Message: 1
Date: Sat, 12 Oct 2024 14:04:15 +1030
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] The new Aussie cyber security laws
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
The Australian government has introduced new cyber security laws. Here's what
you need to know
By David Tuffley, Senior Lecturer in Applied Ethics & CyberSecurity, Griffith
University. October 9, 2024
https://theconversation.com/the-australian-government-has-introduced-new-cyber-security-laws-heres-what-you-need-to-know-240889
The Albanese government today introduced long-awaited legislation to parliament
which is set to revolutionise Australian cyber security preparedness.
The legislation, if passed, will be the first Australian standalone cyber
security act. It's aimed at protecting businesses and consumers from the rising
tide of cyber crime.
So what are the key provisions, and will it be enough?
What's in the new laws?
The new laws have a strong focus on victims of "ransomware" - malicious
software cyber criminals use to block access to crucial files or data until a
ransom has been paid.
People who pay a ransom do not always regain lost data. The payments also
sustain the hacker's business model.
Under the new law, victims of ransomware attacks who make payments must report
the payment to authorities. This will help the government track cyber criminal
activities and understand how much money is being lost to ransomware.
The laws also involve new obligations for the National Cyber Security
Coordinator and Australian Signals Directorate. These obligations restrict how
these two bodies can use information provided to them by businesses and
industry about cyber security incidents. The government hopes this will
encourage organisations to more openly share information knowing it will be
safeguarded.
Separately, organisations in critical infrastructure - such as energy,
transport, communications, health and finance - will be required to strengthen
programs used to secure individuals' private data.
The new legislation will also upgrade the investigative powers of the Cyber
Incident Review Board. The board will conduct "no-fault" investigations after
significant cyber attacks. The board will then share insights to promote
improvements in cyber security practices more generally. These insights will be
anonymised to ensure the identities of victims of cyber attacks aren't publicly
revealed.
The legislation will also introduce new minimum cyber security standards for
all smart devices, such as watches, televisions, speakers and doorbells.
These standards will establish a baseline level of security for consumers. They
will include secure default settings, unique device passwords, regular security
updates and encryption of sensitive data.
This is a welcome step that will ensure everyday devices meet minimum security
criteria before they can be sold in Australia.
A long-overdue step
Cyber security incidents have surged by 23% in the past financial year, to more
than 94,000 reported cases. This is equivalent to one attack every six minutes.
This dramatic increase underscores the growing sophistication and frequency of
cyber attacks targeting Australian businesses and individuals. It also
highlights the urgent need for a comprehensive national response.
High-profile cyber attacks have further emphasised the need to strengthen
Australia's cyber security framework. The 2022 Optus data breach is perhaps the
most prominent example. The breach compromised the personal information of more
than 11 million Australians, alarming both the government and the public, not
to mention Optus.
Cyber Security Minister Tony Burke says the Cyber Security Act is a
"long-overdue step" that reflects the government's concern about these threats.
Prime Minister Anthony Albanese has also acknowledged recent high-profile
attacks as a "wake-up call" for businesses, emphasising the need for a unified
approach to cyber security.
The Australian government wants to establish Australia as a world leader in
cyber security by 2030. This goal reflects the government's acknowledgement
that cyber security is fundamental to national security, economic prosperity
and social well being.
Minister for Cyber Security Tony Burke says the creation of a new cyber
security act is long overdue. Mick Tsikas/AAP
Broader implications
The proposed laws will enhance national security. But they could also present
challenges.
For example, even though the laws place limitations on how the National Cyber
Security Coordinator and Australian Signals Directorate can use information,
some businesses might still be unwilling to share confidential data because
they are worried about damage to their reputation.
Businesses, especially smaller ones, will also face a substantial compliance
burden as they adapt to new reporting requirements. They will also potentially
need to invest more heavily in cyber security measures. This could lead to
increased costs, which might ultimately be passed on to consumers.
The proposed legislation will require careful implementation to balance the
needs of national security, business operations and individual privacy rights.
--
------------------------------
Message: 2
Date: Sat, 12 Oct 2024 16:31:12 +0800
From: Harry McNally <[email protected]>
To: [email protected]
Subject: Re: [LINK] "What's Doomscrolling really costing you?"
Message-ID:
<3841fb96-3209-4248-b3a4-25d1c700a...@decisions-and-designs.com.au>
Content-Type: text/plain; charset=UTF-8; format=flowed
Hi Sylvano
On 9/10/24 16:22, Sylvano wrote:
> That the burger gambling ads work or not is missing the point on a couple of
> fronts.
>
> Firstly, the insertion of an interruptive message during the doomscroll
> behaviour is a direct message intervention in the addictive activity, not a
> warning to not act on the advertised call to action.
>
> Secondarily, it is an easy to implement requirement upon the social giants.
I'd like to suggest something similar that is already in plain sight.
If you look at
https://abc.net.au/news/justin
and scroll down, it reaches a limit of stories and a button says: Load more
stories
I'm guessing the ABC does this to set a data limit for each page request but
it is an intervention without making it obvious.
Then just legislate social media UX design to require this.
Caveat here that this is with a web browser. I have no idea how the ABC app does
it.
All the best
Harry
ps Who is Justin and why does he have his own news page ?
------------------------------
Message: 3
Date: Sat, 12 Oct 2024 21:35:47 +1100
From: Roger Clarke <[email protected]>
To: [email protected]
Subject: [LINK] OT: Re: "What's Doomscrolling really costing you?"
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed
On 12/10/2024 19:31, Harry McNally wrote:
> ps Who is Justin and why does he have his own news page ?
Good Question, glad you asked.
A = Patron of old men who want to think they're still relevant.
https://en.wikipedia.org/wiki/Justin_I
https://en.wikipedia.org/wiki/File:Mosaic_of_Justinianus_I_-_Basilica_San_Vitale_(Ravenna).jpg
Became Emperor of the (remnant) Roman Empire at 68, and reigned
(relatively peacefully even!) for nearly 20 years.
--
Roger Clarke mailto:[email protected]
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professorial Fellow UNSW Law & Justice
Visiting Professor in Computer Science Australian National University
------------------------------
Message: 4
Date: Sat, 12 Oct 2024 21:40:24 +1100
From: Roger Clarke <[email protected]>
To: [email protected]
Subject: Re: [LINK] The new Aussie cyber security laws
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed
> The Australian government has introduced new cyber security laws.
> Here's what you need to know
> By David Tuffley, Senior Lecturer in Applied Ethics & CyberSecurity,
> Griffith University.
...
> These standards will establish a baseline level of security for
> consumers. They will include secure default settings, unique device
> passwords, regular security updates and encryption of sensitive data.
...
> This is a welcome step that will ensure everyday devices meet minimum
> security criteria before they can be sold in Australia.
Dreamland.
Oh, sorry, I forgot. David's an ethicist. Outcomes are optional.
My posting on the privacy list on Thu morning said:
[ This Bill contains lots that government agencies want, so it may be
one of the exceptions and might survive the near-future proroguing of
the Clth Parlt.
[ It seemed that one part of it could be of some actual value.
[ "Mandatory security standards", even if only "for smart devices" (a
poor attempt at a populist expression of the Bill's scope), might
finally set baseline security safeguards.
[ But it's a lie.
[ See below for my first-pass assessment of why it's an absolute
travesty, like so much that goes on in the federal parliament.
HTML:
https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;db=LEGISLATION;id=legislation%2Fbills%2Fr7250_first-reps%2F0002;query=Id%3A%22legislation%2Fbills%2Fr7250_first-reps%2F0000%22;rec=0#15a99341fa41445b994fc13518d5ca5e
[ "The rules may provide mandatory security standards ...
"for products that can directly or indirectly connect to the internet
(called relevant connectable products) that will be acquired in
Australia in specified circumstances"
[ The definition of 'network-connected product' is dopey - invented by a
lawyer with no sense of IT architecture. The sensible approach would be
to define 'A network-connectable product' in physical-connection terms
and make no mention of inter-connectability in the definition, and 'An
internet-connectable product', as it is, relative to "a communication
protocol that forms part of the internet protocol suite".
The Rule-making power is in s.87.
https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;db=LEGISLATION;id=legislation%2Fbills%2Fr7250_first-reps%2F0007;query=Id%3A%22legislation%2Fbills%2Fr7250_first-reps%2F0000%22;rec=0#114ceec97c7c4f1a8a98fe04021199f3
[ But they're not real Rules (no enforcement) and they're not
Regulations, and they're not a disallowable instrument.
--
Roger Clarke mailto:[email protected]
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professorial Fellow UNSW Law & Justice
Visiting Professor in Computer Science Australian National University
------------------------------
------------------------------
End of Link Digest, Vol 383, Issue 17
*************************************