Laws Stymie 'Trusted' Network

Numerous legislative stumbling blocks mean there is little chance of industry participating in even the most remote level of information sharing as part of the federal government's critical infrastructure initiatives.

Under current legal framework, information shared with government is not protected leaving little regard for confidentiality.

Freehills solicitor Martin McEniery said under the Freedom of Information Act (FOI) there is no guarantee that the officer assessing the FOI application will grant the information confidential status.

"This is of obvious concern to companies which are being encouraged to share information [about] threats and vulnerabilities to what may be mission-critical systems," McEniery said.

The federal government is trying to establish an IT security alert system with critical infrastructure industries such as banking, utilities and telecommunications under its Trusted Information Sharing Network (TISN).

However, even TISN identifies legislative obstacles including FOI legislation in a paper entitled Information Sharing Arrangements, which examines ways to ensure information shared to fix a potential problem does not become public knowledge to "avoid greater exploitation" of a vulnerability.

The Australian Bankers' Association (ABA) is aware of the lack of information protection with a spokeswoman admitting that a raft of legislative changes may be required to provide a suitable information sharing environment.

"The problem relates to a number of Acts, but as it stands the government cannot protect the confidentiality of information provided by industry; this isn't the only problem, we need to overcome competition laws as well. For example, if there are four banks in a room disclosing [vulnerability] information this could contravene competition laws. At the moment there is no legal framework in place," the spokeswoman said.

While the spokeswoman admitted this could involve legislative changes she is optimistic that problems will be overcome because the banking industry does want to participate in TISN.

At the same time, the ABA has called for the implementation of uniform cybercrime and privacy legislation by all states and territories in its submission to a parliamentary inquiry into cybercrime.

Chaired by MP Bruce Baird the parliamentary committee of the Australian Crime Commission has received more than 25 submissions largely from Police agencies; hearings will start in the week of July 14, 2003.

The ABA spokeswoman said while the Cybercrime Act and Privacy Act are federal law, similar provisions have been introduced only in NSW and Victoria; no other state or territory has followed suit.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Sandra Rossi

Latest Videos

More videos

Blog Posts