IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers to face 25 years in jail for cyber attacks on Australia's national infrastructure

The proposals aim to update current laws to account for cyber threats like ransomware

Hackers could face up to 25 years in jail if found guilty of cyber offences against Australia’s critical infrastructure, under proposed changes introduced by the government today.

The government tabled the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 in a bid to modernise criminal offences and procedures to respond to the threat of ransomware. It has several proposals that update the Criminal Code Act 1995, the Crimes Act 1914, and the Proceeds of Crime Act 2002.

One proposal is to set a maximum jail term of 25 years for hackers who target critical infrastructure assets. The government said it wanted to ensure that any computer offence against Australia’s infrastructure carries an appropriate penalty and deters would-be offenders.

Australian law enforcement will also be given clear legal authority to investigate and prosecute ransomware crimes and offences that occur in foreign countries, where the crime affects a person in Australia. Law enforcement will also be given the power to seize cryptocurrencies and other digital assets associated with cyber crime.

A new offence will also be created for those who buy or sell ransomware, with the government eager to crack down on the ransomware-as-a-service business model in particular.

The bill also makes adjustments to the law governing unauthorised access to, or the modification of, restricted data and unauthorised impairment of data held on a computer disk. In this case the maximum jail term will increase from two years to five years.

“Although a positive step in the fight against cybercriminals, this deterrent will by no means be the end of ransomware in Australia,” said Camellia Chan, CEO and Founder of X-PHY. “It is imperative that organisations do not rest on their laurels despite tougher punishments for criminals. New ransomware gangs and threat actors who are willing to risk the consequences are sure to emerge.

“Indeed, the devastating attack last year on the Colonial Pipeline in the US proves no organisation is too large to be targeted. Efforts to improve cyber security and bolster defences should be more strong than ever.”

This legislation implements key aspects of the government’s Ransomware Action Plan that was announced on 13 October 2021. The plan set out the government’s strategic approach to tackle the threat posed by ransomware and make it easier to clamp down on cryptocurrency transactions associated with ransomware crimes.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

Australia’s proposals to update the current legislation may be watched by other nations across the globe, many of which lack formal charges against ransomware.

In the UK, the Computer Misuse Act, last updated in 2015, has faced repeated calls to be brought in line with current threats, including from a coalition of businesses and cyber security groups.

The US has the Computer Fraud and Abuse Act (CFAA), which was introduced in 1986 to address hacking. It was most recently amended in 2008 to cover a broad range of conduct far beyond its original intent.

Australia's new bill shadows attempts made by an opposition legislator in June last year, who introduced the Ransomware Payments Bill 2021. That bill would have required victims who make ransomware payments to notify the Australian Cyber Security Centre (ACSC) of key details of the attack, the attacker, and the payment.

Labour MP Tim Watts said it would provide a fuller picture of ransomware attacks in Australia and the scale of the threat. However, the bill did not proceed from the House of Representatives and was formally removed on 14 February 2022.

Other countries have taken steps against ransomware as its use skyrocketed during the pandemic, including the US, which gave it a similar status as terrorism in June 2021. Last November, the Justice Department charged a Ukrainian national with conducting ransomware attacks against multiple victims and also announced the seizure of $6.1 million in funds traceable to alleged ransom payments.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Samsung fined $14 million over misleading water resistance claims across its Galaxy smartphones
Mobile Phones

Samsung fined $14 million over misleading water resistance claims across its Galaxy smartphones

23 Jun 2022
Toshiba eyes $22bn buyout offer in bid to go private
Business strategy

Toshiba eyes $22bn buyout offer in bid to go private

23 Jun 2022
Tencent to open third data centre in Japan
data centres

Tencent to open third data centre in Japan

22 Jun 2022
Can the four-day week take off in Japan?
flexible working

Can the four-day week take off in Japan?

16 Jun 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022