Offshoring arrangements, outsourcing of network management and decisions around procurement of telco infrastructure will come under increased scrutiny as part of proposed Telco security law reforms.
Last month, the Federal Government announced that it had accepted several recommendations made by the Parliamentary Joint Committee on Intelligence and Security (PJCIS). The PJCIS was tasked with reviewing the Telecommunications and Other Legislation Amendment Bill 2016 which was introduced in the Senate last year.
The Bill aims to establish a security framework to better manage national security threats to Australian telecommunications networks and strengthen the partnership between Federal government and the telecommunications industry.
According to a joint release by the Minister for Communications, Mitch Fifield, and the Attorney-General, George Brandis – “‘Telecommunications networks are a fundamental component of other critical sectors such as health, finance, transport, water and power. With the increasing threat of interference from malicious actors, including through cyber intrusions, protecting these networks is a priority of this Government.’”
The proposed changes to telco security laws imposes various new obligation on telco carriers and carriage service providers to protect their networks and notify the government of any changes that could compromise their ability to comply with the security obligation. Offshoring arrangements, outsourcing of network management and decisions around procurement of telco infrastructure will now fall under the purview of the proposed security law reforms.
The Government accepted all thirteen recommendations of the PJCIS, including a call for the revised guidelines to provide further clarity regarding a company’s security obligation under different circumstances, such as where:
- a company is providing or reselling an over‑the‑top service,
- telecommunications infrastructure is used (but not necessarily owned or operated) by the company,
- a company’s infrastructure is located in a foreign country, and used to provide services and carry and/or store information from Australian customers, and
- a company provides cloud computing and cloud storage solutions.
After the bill passes the house of representatives, the Attorney-General’s Department will work with industry to produce further guidance within the 12 month implementation period.
blueAPACHE’s emPOWER Cloud infrastructure, Disaster Recovery infrastructure and core emPOWER Network all reside within Australia enabling our clients to meet the most stringent data sovereignty, privacy and compliance requirements.
To learn more about how the proposed reforms can impact your organisation, contact your account manager.