The Department of Infrastructure, Transport, Regional Development, and Communications has run up the flagpole the idea of inserting security provisions into the Telecommunications Act to require telcos to safeguard their systems as a condition of their licence to operate.
Writing in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the Telecommunications Sector Security Reforms[1] (TSSR), the department said there are no specific requirements on carriers to protect their networks from cyber intrusions.
"The addition of an object with a specific security focus would support the measures taken by government and industry into the future," it said.
"It would also mean that the full force of the existing regulatory framework (including codes and standards under Part 6 of the Tel Act [Telecommunications Act], carrier licence conditions and service provider rules) could be available to support security objectives."
A number of options exist for how that mechanism would work under Part 6, the department said, and it could end up taking the form of licence conditions, service provider rules, or an industry code or standard.
"If these mechanisms are used to achieve security objectives, it is appropriate that the Minister for Home Affairs have the ability to enforce these obligations, consistent with the powers that the Minister for Home Affairs already has in relation to TSSR," the department said.
As it currently stands under TSSR obligations, telcos need to "do their best" to protect infrastructure, but the department put forward the idea of making it more prescriptive and easier to interpret.
"The creation of a delegated instrument (such as a determination making power), with appropriate Ministerial oversight, could offer a clearer alternative," it said.
"Additionally, industry and government could create and promulgate security standards using