three main points are as follows:
1. Cyber security and cyber resilience require a shared national strategic vision, supported by
laws, policies, advocacy, education, skills, training, and funding. The government is asking
everyone – individuals, families, communities, regions, cities, businesses, not-for-profits,
governments – to opt-in to that vision. To achieve national alignment and clarity,
collaboration, communication, and cooperation will be the crucial mechanisms for success
and managing complexity. This requires understanding what is already there (the full
complexity of the existing legal and policy framework) before adding new components.
2
2. Cyber security, like many other complex fields,1 exists in shared regulatory space.2
Overlapping regulatory frameworks, functions and authority are normal in a complex field
such as cyber security. Research in Australia and elsewhere demonstrates that the best
strategy for mitigating the known harms, and harnessing the known benefits, of regulatory
overlap is the use of enhanced coordination and cooperation tools. A new Cyber Security Act
could achieve this by engaging directly with the coordination and cooperation challenges of
multiple agencies, regulators, departments, and stakeholders. However, in enhancing
cooperation and coordination, strong accountability and transparency mechanisms must be
hardwired into the regulation.
3. New mechanisms for reform must aim to improve cyber security outcomes for society, the
economy, and the national interest. A new Cyber Security Act and further amendments to
the Security of Critical Infrastructure Act 2018 (Cth) (‘SOCI’) provide publicly scrutinised
legislative solutions to the problems cyber security policy seeks to solve. While flexibility for
government and businesses is important, government must carefully assess the kind of
matters that can be decided in delegated legislation (eg, regulations, declarations, notices),
or in co-regulatory and self-regulatory mechanisms (eg, codes of practice, guidelines,
assessments, standards), and those which belong in the primary legislation due to: their
importance to the operation of a legislative scheme; the need for certainty and clarity
around obligations; and to support Australia’s underlying democratic values