Another government plan to oversight uni cyber security

The Innovative Research Universities suggests it’s a bit much

The feds are keen to ensure universities don’t sign research agreements with the wrong crowd or open dodgy emails – and yet still the government feels the need to protect them further.

The Department of Home Affairs is circulating a draft of a bill to protect critical infrastructure – which includes university cyber assets.

If legislated, the bill would subject organisations covered, to mandatory risk management, and incident reporting and place them under “enhanced cyber security obligations.”

And it would apply to all of a university, not just the bits conducting research Scarlet Overkills will steal if they can.

As to where the over-sighting would be done, the draft suggests “Home Affairs may be best placed to regulate compliance … for the education and research sector.” And ultimately the minister would decide who does what, with the draft; “allowing the minister to require certain entities relating to a critical infrastructure asset to do, or refrain from doing, an act or thing if the minister is satisfied that there is a risk of an act or omission that would be prejudicial to security.”

To all of which the always careful Innovative Research Universities does not respond, “enough already!” But this does seem to be the intent of its submission to the Home Affairs draft.

The IRU recognises the importance of cyber security but suggests the proposed law is a “cumbersome means to achieve this end, for universities and likely for other sectors. “

“Fundamentally it ignores that universities are just as keen as the Federal Government that their operations are not put at risk. Universities are active in working with the Government to reduce risks and to act when incidents occur. The major challenge is the plethora of government agencies requiring action from universities with no coherence to these requirements.

“The overall sense is that the bill enforces action to ensure universities, as part of national infrastructure, are protected. However, it is clear that universities already respond to government information and requests and take advantage of all advice provided.

The IRU suggests universities should be dropped from the proposed bill but if not, the government should talk first to a “sector-wide working group,” about implementation.

Perhaps Home Affairs could call the higher education expert steering-group established last year to oversight creation of “guidelines to counter foreign-interference in the Australian university sector,”  (CMM September 4 2019).