New sabotage laws for cyber attacks on Australia's critical infrastructure

Foreign-backed saboteurs who plant sleeper bugs in critical infrastructure such as telecommunications, power and water that could be mobilised to wreak havoc in the event of a war with Australia will face up to 15 years' jail under the new foreign interference laws.

The new laws reflect the changing nature of war, in which the first shots of a major conflict are likely to come electronically and target critical infrastructure used by civilians. They will replace outdated sabotage laws that cover only attacks on defence facilities.

Sabotage laws will be modernised to cover all major critical infrastructure including utilities; key transport facilities such as ports; and healthcare infrastructure, including the Medicare computer system.

For the first time, sabotage will include planting a device or piece of computer code that can be used to damage Australia's national security or a piece of critical infrastructure. Doing so deliberately will carry a jail term of up to 15 years.

Attorney-General George Brandis said the sabotage changes to the Criminal Code would "transform an outdated wartime law into world-leading provisions crafted to protect Australia's national critical infrastructure in the digital age".

The Turnbull government's package of foreign interference laws - which were set to be introduced to Parliament on Thursday afternoon - will also include a transparency scheme under which people or organisations who legitimately try to influence politics on behalf of a foreign power will need to register on a public list.

Anyone who tries to covertly influence politics with the aim of damaging Australian democracy will face criminal prosecution.

The new sabotage laws, which have been welcomed by national security experts, will complement separate critical infrastructure legislation that was introduced on Thursday afternoon. The infrastructure legislation will compel operators to keep the government informed about their internal governance.

The government will be able to ask companies to make changes to render themselves less vulnerable to attacks. If they refuse, the Attorney-General will ultimately have a "step-in" power to protect national critical infrastructure.

Paul Barnes, an expert in infrastructure risk at the Australian Strategic Policy Institute, said the new laws were "good national governance" similar to those adopted by other countries.

"If you are looking to get great effects without having to commit great resources, attacking civilian critical infrastructure is very effective," he said. "There is a range of coercive actions you can take. We assume everything is going to work OK, [but] all of the modern conveniences we have can be disturbed and that can generate a strong effect on a society."

Jacinta Carroll, a former national security official now with the Australian National University, said the new laws were important in emphasising the motivation and intention of attackers, meaning they could be prosecuted as saboteurs rather than just hackers.

The laws should also make it easier for authorities to chase foreign-backed attackers who were overseas, though the government would need to keep improving co-operation with other governments to make that effective, she said.

This story New sabotage laws for cyber attacks on Australia's critical infrastructure first appeared on The Sydney Morning Herald.