The Department of Home Affairs has released a ransomware action plan.
The action plan, which was released last week, outlines the capabilities and powers that Australia will use to combat ransomware, including proposals to introduce a specific mandatory reporting requirement for companies which experience a ransomware incident.
In announcing the action plan, Home Affairs Minister Karen Andrews said: “The Government will also develop a mandatory ransomware incident reporting regime to enhance our understanding of the threat and enable better support to victims of ransomware attacks. It will be designed to benefit, not burden, small businesses, with businesses with a turnover over $10 million per annum expected to be subject to the regime.”1
Ms Andrews said the action plan also made it clear that the Australian Government did not condone ransom payments to cyber criminals.2
The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2020-21 (the ACSC report) found a 15% increase in ransomware reports over the previous financial year.3 However, the ACSC report also noted that, although the number of ransomware reports was relatively small compared with reports of other types of cybercrime, ransomware “remains the most serious cybercrime threat due to its high financial impact and disruptive impacts to victims and the wider community”.4
Mandatory incident reporting forms part of the action plan’s response, which includes:
- introducing a specific mandatory ransomware incident reporting requirement to the Australian Government
- introducing a standalone offence for all forms of cyber extortion
- introducing a standalone aggravated offence for cybercriminals seeking to target critical infrastructure (as proposed to be regulated by the Security Legislation Amendment (Critical Infrastructure) Bill 2020)
- modernising legislation to ensure that cybercriminals are held to account for their actions, and that law enforcement is able to track and seize or freeze their ill-gotten gains.
Policy and operational response
- establishment of the multi-agency taskforce Operation Orcus, led by the Australian Federal Police, as Australia’s strongest response to the surging ransomware threat
- awareness raising and clear advice for critical infrastructure, large businesses and small-to-medium enterprises on ransomware payments
- joint operations with international counterparts to strengthen shared capabilities to detect, investigate, disrupt and prosecute malicious cyber actors engaging in ransomware
- actively calling out those who support, facilitate and provide safe havens to cybercriminals.
These responses will be used to carry out the three main objectives of the action plan – ‘Prepare and Prevent’, ‘Respond and Recover’ and ‘Disrupt and Deter’.
The action plan is part of Australia’s overarching 2020 Cyber Security Strategy. Industry and community consultation on the mandatory reporting regime and the new criminal offences is expected in the near future.5
Kerryn Sampson is a Queensland Law Society Senior Policy Solicitor. Anke Joubert is a QLS Legal Assistant.