Commonwealth Numbered Acts Commonwealth Numbered ActsThe objects of this Act are to:
(a) improve the cyber security of products that:
(i) can connect directly or indirectly to the internet; and
(ii) will be acquired in Australia;
by requiring manufacturers and suppliers of those products to comply with security standards specified in the rules; and
(b) encourage the provision of information relating to the provision of payments or benefits (called ransomware payments) to entities seeking to benefit from cyber security incidents by imposing reporting obligations on entities in relation to the payment of such payments or benefits; and
(c) facilitate the whole of Government response to significant cyber security incidents by providing for the National Cyber Security Coordinator to lead across the whole of Government the coordination and triaging of action in response to significant cyber security incidents; and
(d) prevent, improve the detection of, improve the response to and minimise the impact of cyber security incidents by establishing the Cyber Incident Review Board to:
(i) cause reviews to be conducted in relation to certain cyber security incidents; and
(ii) make recommendations to government and industry about actions that could be taken to prevent, detect, respond to or minimise the impact of, incidents of a similar nature in the future; and
(e) improve the response to and minimise the impact of cyber security incidents (including imminent incidents) through encouraging entities impacted, or probably impacted, by such cyber security incidents to provide information to the Australian Government about the incidents by ensuring that:
(i) the information provided is only used and disclosed for limited purposes; and
(ii) the information provided is not admissible in evidence in proceedings against the entities that provided the information; and
(f) to facilitate the sharing of information about cyber security incidents with State and Territory Governments for limited purposes, with their consent that the information is only to be used and disclosed for limited purposes.