Thank you, Chair.
My name is Luke Sheehy, and I am the Chief Executive Officer of Universities Australia – the peak body for Australia’s 39 comprehensive universities.
Can I start by acknowledging the traditional owners of the various lands we are all gathered on today and pay my respects to elders past and present.
Thank you to the Committee for the opportunity to be here today and contribute to this important discussion.
The higher education sector has a strong interest in the enhancement of cyber security protection in Australia.
Our universities are highly engaged with this area, providing inputs into, and sharing best practices on cyber security with, forums including:
- the University Foreign Interference Taskforce
- the Council of Australasian University Directors of Information Technology
- the Australasian Higher Education Cybersecurity Service
- the Trusted Information Sharing Network, and
- the Enhancing Cyber Security Across Australia’s University Sector Project delivered by RMIT.
This has led to a significant increase in awareness and responsiveness to cyber security issues across the sector, and a maturation of threat modelling, policies, procedures, and governance within our universities.
Continued engagement within the sector and with government has ensured that obligations under the Security of Critical Infrastructure Act 2018 have been comprehensively met, although there are areas of this legislation that lack definitional and operation clarity.
Universities Australia is broadly supportive of the legislative package, but we do have some concerns around the increased reporting obligations and duplicative requirements for universities contained in the legislation.
Our submission outlines the impact of these additional measures on universities, as well as suggesting some ways the legislation can be improved to strengthen the framework.
Chair, I am happy to take questions and discuss any or all aspects of our submission to the inquiry.
Thank you.
