List of Recommendations

Recommendation 1

3.103

The Committee recommends that the Department of Infrastructure, Transport, Regional Development and Communications and the Cyber and Infrastructure Security Centre within the Department of Home Affairs, conduct a joint environmental analysis of current national and international telecommunications markets and networks.

This information can then be used to guide future security of critical infrastructure legislative reform related to telecommunications, as well as Telecommunications Sector Security Reform resources.

Recommendation 2

3.112

The Committee recommends that section 3 of the Telecommunications Act 1997 be amended to add an object of the act ensuring the security of telecommunications networks and their architecture from cyber and other security threats.

Recommendation 3

3.115

The Committee recommends that the Australian Government give consideration to the establishment of a telecommunications security working group comprised of the Department of Infrastructure, Transport, Regional Development, and Communications, the Department of Home Affairs, major telecommunications carriers and carriage service providers, and the Australian Security Intelligence Organisation and the Australian Signals Directorate (when appropriate).

This working group could set agreed standards and best practice principles to inform the work of the Cyber and Infrastructure Security Centre’s advice and resources.

Recommendation 4

3.119

The Committee recommends that the working group established as a result of Recommendation 3 be tasked with scoping agreed carrier licence conditions, service provider rules, and codes and standards for security of networks and systems. These can then be used to guide the resources to be produced by that group and inform directions or information gathering powers exercisable by the Minister for Home Affairs under the existing provisions of Part 14 of the Telecommunications Act 1997.

Recommendation 5

3.121

The Committee recommends that the Australian Government give consideration to establishing a dedicated telecommunications security threat sharing forum, to enable the Australian Security Intelligence Organisation and Australian Signal Directorate to brief telecommunications stakeholders about ongoing and emerging threats to the maximum classified level possible.

This forum could be a new group established under the Trusted Information Sharing Network or could be an adjunct group to the existing Communications Sector Group already established under that network, or the working group created as a result of Recommendation 3 of this report.

Recommendation 6

3.134

The Committee recommends that the working group established as a result of Recommendation 3 of this report be consulted to reach an agreed position regarding any duplicated security obligations that may be activated under an amended Security of Critical Infrastructure Act 2018 before they are activated.

If agreed, and once activated, the duplicated obligations or other mechanisms in Part 14 of the Telecommunications Act 1997 should be repealed, or deactivated by relevant mechanisms, so as to avoid regulatory duplication on telecommunications entities.

| Contents |