AWS cautions gov against rushing in more cyber security regulations

By

Before suite of existing reforms have had the chance to mature.

Amazon Web Services has urged the federal government to hold off imposing any further cyber security regulations on businesses before a range of other recent reforms come into effect.

AWS cautions gov against rushing in more cyber security regulations

The hyperscale cloud provider made the comments in its response [pdf] to a proposal that would impose either voluntary or mandatory cyber security governance standards on companies.

“We caution against the introduction of additional measures…before existing reforms have been properly implemented, matured and evaluated,” AWS said in a submission to the Department of Home Affairs consultation.

“This process is critical for ensuring that any new policies are based on evidence; [are] consistent and complementary to existing policies; and are addressing a genuine policy gap.”

The comments, made by AWS A/NZ head of public policy Roger Somerville, follow a jam-packed 12 months of cyber security reforms in the wake of the government’s 2020 cyber security strategy.

Since August 2020, the government has introduced and passed controversial online account takeover powers in eight months, passed the Online Safety Act, and begun a long-awaited review of the Privacy Act.

It has also introduced the Security Legislation Amendment (Critical Infrastructure) Bill 2020, which will give the government the controversial power to defend networks of critical infrastructure providers under cyber attack as a "last resort".

Last week, the Parliamentary Joint Committee on Intelligence and Security recommended those last resort powers be "swiftly legislated", while consideration of other components of that bill are pushed back.

AWS said that many of the reforms were "substantial and meaningful" and would have “a significant impact on building Australia’s cyber security and boosting confidence in the digital economy”.

“However, these reforms need time to take effect – and impacted entities allowed sufficient time for implementation – before the introduction of any new regulatory instruments or initiatives," it said.

AWS has therefore asked that “existing reforms, frameworks and program… be allowed space to be implemented, matured and evaluated before the introduced of addition regulatory measures”.

It has similarly urged the government to simplify and harmonise the regulatory environment to help improve understanding of cyber security expectations in both business and government.

“As noted in the discussion paper, [there are] at least 51 Commonwealth, state and territory laws that create, or could create, some form of cyber security obligation. Consequently, the risk of confusion, conflicting or overlapping regulations is high,” Somerville said.

AWS was also one of a number of businesses to oppose plans to hold company directors accountable for failing to manage cyber risks, which it believes is already part of a director’s duties.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?