Controversial telco security reforms to become law

The Australian parliament has officially given the stamp of approval to reforms that force the country's telcos to inform the government of any changes they plan to make to their networks as well as their procurement intentions. 

The telecommunications sector security reforms (TSSR) were first flagged in 2015, but were twice reworked following fierce industry opposition to the proposal.

The government made a handful of tweaks to the proposed bill in November 2015 to soothe irate telcos, before sending it to the parliamentary joint committee on intelligence and security (PJCIS) for review late last year.

The reforms were a response to concerns about the threat posed by suppliers of equipment and managed services located in foreign countries.

The government said it wanted to be able to better protect national telco infrastrucure and systems from attack.

The bill requires telcos to "do their best" to protect the networks and facilities they "own, operate or use" from "unauthorised access and interference". 

Telcos will similarly need to inform the Attorney-General's department about any planned changes - like outsourcing, offshoring, or purchases involving sensitive parts of their network - that could have a "material adverse impact" on their obligation to secure their networks.

The Attorney-General now has the power to order a telco to take a particular course of action if there appears to be a risk to national security.

In June the PJCIS gave its support to the bill, pending a handful of minor changes the government later agreed to implement.

The bill subsequently passed the senate, and yesterday ascended through the lower house.

It is now headed to the governor-general for royal assent and will become operational 12 months after approval is given.

It is expected to cost each telco $184,000 annually to comply with the legislation, which threatens civil penalties of around $250,000 for non-compliance.