Government has defended the “slim down” IT standards it has introduced for businesses, saying they are “appropriate for a new, agile and complex digital business”.
The IT reforms are part of the Government’s Digital Transformation Plan.
“As we look to build the next generation of Australian businesses, we have set the industry standard for IT security,” Communications Minister Mitch Fifield said.
“We have taken the time to ensure the security of our IT systems and applications is always the top priority for the Government and our customers.”
“We recognise that we are taking the right action to ensure our businesses and people have the highest level of confidence in their information systems and data, and that they are protected against cyber attacks,” Mr Fifield told ABC Radio Canberra.
“Our reforms are intended to minimise the impact on businesses and customers.”
But IT experts say they are worried the Government has not provided a solid basis for its IT reforms and there is no clear roadmap for implementing them.
“There’s a lot of uncertainty about the level of security of IT systems, and there’s a lack of clarity on what they mean,” IT security expert and CEO of cybersecurity firm ThreatConnect, Rob Wainwright, told ABC Canberra.
He said the reforms were “slight” but said they were likely to make the business environment “more difficult to manage”.
“We’re looking at a whole lot of changes, and we need to be very mindful that some of these are still very far in the future,” he said.
Mr Wainwrights concerns are echoed by a number of organisations that have been hit by ransomware attacks, such as the Australian Cyber Security Centre.
He also believes there is a lack the clarity on the scope of the reforms and whether they will lead to “a more complex IT environment”.
“This is the first time we’re seeing any of these new measures in Australia and I think the Government needs to have a very good understanding of what these changes will mean to businesses and what they will mean for them,” Mr Wainsworth said.