Local telcos are set to come under increased scrutiny over where they source certain products and services, thanks to new national security laws passed by the Federal Government.
The Federal Government’s controversial telecommunications security legislation was approved by the House of Representatives on 14 September, almost exactly a month after it passed in the Senate with a number of amendments.
Broadly speaking the Telecommunications and Other Legislation Amendment Bill 2017 amends the Telecommunications Act 1997 to establish a security framework to “better manage national security threats to telecommunications networks”.
It is aimed at establishing a security obligation that sees telecommunications carriers, carriage service providers and intermediaries, such as service provides, required to “do their best to protect their networks and facilities from unauthorised access and interference”.
The legislation also requires carriers and nominated carriage service providers to notify the Communications Access Co-ordinator of planned key changes to telecommunications services or systems that could “compromise their ability to comply with the security obligation”.
At the same time, the legislation gives the Attorney-General’s Department the power to issue a telco with a direction requiring them to either “do or refrain from doing” a specified thing in order to manage security risks.
“The reforms aim to encourage early engagement between government and industry on proposed changes to networks and services that could give rise to a national security risk, and collaboration on those risks,” the Attorney-General’s Department said.
Last month, it was revealed that the offshoring of data held by telcos and internet service providers (ISPs) would also be set to come under scrutiny under the legislation.
The Federal Government revealed on 9 August it had accepted several recommendations made by the Committee reviewing the laws.
Among the 13 recommendations made by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) accepted by the Government was the recommendation that the legislation be amended to include a specific obligation compelling telco carriers or carriage service providers to notify the Communications Access Co-ordinator (CAC) of any new or amended offshoring arrangements.
The Government agreed to amend the Bill.
The Government accepted several other recommendations, including the call for the proposed laws to be revised to provide comprehensive information, clarity and certainty to industry in a greater range of circumstances.
In particular, the revised administrative guidelines should provide further clarity regarding a company’s security obligation in circumstances where a company is providing or reselling an over the top service, telecommunications infrastructure is used (but not necessarily owned or operated) by the company.
It should also apply to circumstances where telecommunications infrastructure is used, but not necessarily owned or operated, by the service provider in question.
Following Royal Assent, the reforms will have a 12 month implementation period.
During this time, the Attorney-General’s Department plans to work with the industry to develop further the Administrative Guidelines to aid industry compliance with the framework introduced by the reforms.