Recent developments in cyber security have brought to light the pressing issue of cyber defence in Australia. With frequent hacks targeting various sectors, including medical services and health providers, as well as the theft of personal information and credit cards, the nation’s cyber-armour appears to have vulnerabilities that need addressing.

The Albanese government’s ambitious goal of becoming a global leader in cybersecurity by 2030 is facing challenges, raising concerns about the country’s cyber resilience. Australian businesses and corporations are grappling with the constant threat of cyber intruders breaching their networks, prompting a call for effective solutions.

Organizations like the Active Cyber Defence Alliance and Telstra Purple are advocating for legal clarity on the concept of ‘active cyber defence.’ This approach involves businesses using countermeasures to identify and impede hackers from carrying out cyber attacks and malicious activities.

Despite the growing need for enhanced cybersecurity measures, the government has yet to allocate sufficient resources or address the legal aspects of active cyber defence. Cyber-criminals targeting Australian national security often face fewer legal consequences compared to organizations striving to protect against such threats.

One proposed solution is the use of ‘deception’ tools by businesses, including fake computer networks, bait documents embedded with malware, and tracing mechanisms to detect malicious cyber actors. However, the legality of employing such tactics remains uncertain in Australia.

Comparing cyber defence to safeguarding physical property, the legal framework around responding to cyber intrusions is complex. While homeowners have the right to use force within reasonable limits to address break-ins, the definition of ‘reasonable’ can be subjective. Queensland is considering legislation to expand the circumstances under which individuals can lawfully respond to home invasions.

In the digital realm, the legal landscape is even more intricate. Electronic data is not considered traditional ‘property,’ posing challenges for businesses in defending against online intruders. The lack of clear regulations adds to the complexity of protecting networks and systems from cyber threats.

As the debate on active cyber defence continues, Australian businesses and corporations are left navigating a legal grey area in their efforts to secure their digital assets. The need for comprehensive cybersecurity strategies and regulatory frameworks is increasingly evident in the face of evolving cyber threats.