Penalties for insecure systems and fines for poorly performing products form the linchpin of a submission to the Federal Government seeking new laws to lift IT industry standards. Companies that do not secure their systems and vendors that sell products that are not up to scratch are the targets of the proposed laws.
The get-tough legislation outlined in the submission has been drafted by Internet law firm Deacons Lawyers and will be presented to the National Office for the Information Economy (NOIE), Federal Attorney-General Daryl Williams and IT Minister Richard Alston next month.
The submission is aimed at lifting Australia's e-security standards and calls for the Government to be more active by introducing civil laws to hit companies with financial penalties if "reasonable steps" are not taken to ensure systems are secure.
Deacons Lawyers' Leif Gammertsfelder said data messages are the lifeblood of business today and formal processes need to be in place before the "big bang" security disaster occurs, not after the event.
"The Government is really abdicating responsibility in this area; we have laws for fence heights and dog ownership but not e-security, which is fundamentally more important to the economy," Gammertsfelder said.
Last year's Cybercrime Bill (Cybercrime Bill 2001) is not enough, he said, because a criminal statute is hard to prove and new laws would catapult IT security standards into the boardroom as a corporate governance matter, not simply an IT issue.
The submission also calls for laws to enforce better products from software and hardware vendors and seeks sanctions "with teeth".
Gammertsfelder said fines could be introduced under the Trade Practices Act, forcing vendors to prove "reasonable steps are taken concerning their products".
The Federal Government was unwilling to comment until the submission had been received, however a spokesman for NOIE said the Government has accepted e-security responsibility at the highest levels, which has been demonstrated in the convening by the Prime Minister of the business-government taskforce, scheduled to hold its first meeting in March.
"The Government is dealing with this issue and liaising with senior executives without public grandstanding in the press," the spokesman said.