Shayne Neumann (Blair, Australian Labor Party, Shadow Minister for Indigenous Affairs) Share this | Hansard source

The Auditor-General has been scathing in its assessment of the minister's management of the department and key projects within it. In September 2016 we had the Offshore processing centres in Nauru and Papua New Guinea: procurement of garrison support and welfare services report. In January 2017 there was the Offshore processing centres in Nauru and Papua New Guinea: contract management of garrison support and welfare services report, which highlighted the minister's failures and the dysfunction in the department. The report highlighted that, under the coalition government, the department had spent over $1 billion without appropriate authorisation and had no ability to demonstrate appropriate risk management or even deliver value for money for the Australian public.

It only got worse. In February 2017 The Australian Border Force's use of statutory powers report was released. In that case, the ANAO found the Australian Border Force were conducting unlawful and inappropriate searches of passengers at international airports and routinely questioning people without documenting their legal authority to do so. So it would come as no surprise that in March 2017 the ANAO released the Cybersecurity follow-up audit which found that, under this minister, the Department of Immigration and Border Protection was only compliant with one of the top four mitigation strategies and was not cyber-resilient. 'Cyber-resilience' is defined as 'the ability to continue providing services while deterring and responding to cyberattacks'. Cyber-resilience also reduces the likelihood of successful cyberattacks. The Department of Immigration and Border Protection is not cyber-resilient. It has failed to comply with the top four mitigation strategies. In fact, during Senate budget estimates, when asked about the ANAO report, departmental officers admitted: 'I do not disagree with the Auditor-General's finding technically. Technically they are correct; we are not compliant.' This comes on top of testimony at Senate estimates that the department is regularly a target of cyberattacks.

Minister, the immigration department collects and stores personal details and biometrics, including photographs and passport data, of millions of Australians and overseas travellers who pass through our borders each year. Do you agree the report accurately reflects the risk associated with the department's cyber-resilience? Given how many times the department is targeted by hackers and suspicious emails, is the Turnbull government putting the personal information of travellers at risk because of the department's failure to meet basic cyber-resilience benchmarks? Does the minister believe he is putting Australia's reputation as a tourism destination of choice at risk by failing to do all he can to protect travellers' personal and travel information? Why did the minister fail to meet the 2014 deadline for ensuring his department was cybersecure? What resources is the minister allocating to ensure the department is up to scratch on cyber-resilience?

Minister, can you guarantee that your department will meet benchmarks at the next cyberaudit? Are you aware that your department is under cyberattack on a consistent basis? Are you confident that the department can withstand the repeated cyberattacks? Minister, can you give this House a personal assurance that, under your watch, personal information about travellers and Australians will never be hacked from the Department of Immigration and Border Protection?

See this speech in context