Monday, 21 June 2010
Communications Committee; Report
On behalf of the Standing Committee on Communications I present the committee’s report entitled Hackers, fraudsters and botnets: tackling the problem of cyber crime, together with the minutes of proceedings and evidence received by the committee.
Ordered that the report be made a parliamentary paper.
Today I table the report of the House of Representative’s Standing Committee on Communication’s inquiry into cybercrime. Over the past 12 months the committee has heard evidence from a wide cross-section of government, industry and the community on the impact of cybercrime on the Australian public. The report is a substantial contribution to the cybercrime policy debate in Australia. The message was clear and consistent: Australia needs to take a more comprehensive approach, a ‘whole-of-cyberspace’ approach that takes account of ordinary Australians and shifts away from the fragmented approach to tackling cybercrime which presently dominates the issue, and move to a coordinated approach between government, the private business sector, service providers and law enforcement authorities.
In 2009 alone the number of Australian internet subscribers grew by one million to a total of nine million. The global estimate is approaching two billion. The digital economy is here and here to stay. While the benefits of a connected world are undeniable, increased connectivity brings increased risks. Cybercrime has grown from the nuisance hacker into organised transnational crime committed for vast profit. Malicious code, malware, identity theft and botnets—cybercrime continues to evolve and grow. An underground digital economy has emerged by which cybercrime tools and stolen information can be easily traded. These crimes take a significant toll on everyday Australians. Cybercriminals have identified home users and small business as the weak links in the chain and are conscientiously targeting these groups. The emotional and financial consequences for Australian victims of cybercrime are real, lasting and significant.
Despite the prevalence of cybercrime, the committee does not accept that the internet is an unpoliced Wild West. The internet is subject to the same laws as the offline environment. I commend the ongoing efforts of the government to combat cybercrime. However, under current arrangements, end users have largely been left to fend for themselves. This is no longer a tenable position. We must achieve a model of shared responsibility that brings industry, government and the community together. To achieve this goal the committee has made a number of significant recommendations. These are based on the unanimous view that e-security education alone is not sufficient to protect end users.
The committee has recommended that an office of online security be established within the Department of Prime Minster and Cabinet, headed by a cybersecurity coordinator—a cyber-tsar—to work with all levels of federal, state and territory governments, industry and consumers, and with international partners. The office must be centrally located and not be biased towards one particular policy area such as national security. The coordinator will need to have both government and industry experience—someone who can cut through red tape and work with all parties. The committee has also recommended a 24/7 national cybercrime complaint centre—a one-stop shop—and hotline to assist everyday Australians. This approach will also help enforcement agencies to see the bigger picture of organised cybercrime. If we can follow the footprints of cybercriminals, we can ultimately identify them and prosecute them. The report also recommends the development of a centrally managed national e-security education strategy.
The Standing Committee of Attorneys-General recently announced national cybercrime measures. I commend greater national collaboration but would caution against seeing this as a role purely for the Attorneys General. The committee has emphasised the importance of a national, multisectoral, strategic and coordinated response to cybercrime through, for example, strong consumer protection and privacy laws. Significantly, the committee has recommended a mandatory e-security code of practice to put to the internet industry. The recent voluntary code for ISPs is a step in the right direction, but the committee wants a clear obligation for ISPs to notify subscribers when their computers are infected. Nine-two per cent of internet consumers support this notification, and it is very clear that, in the present circumstances, unless the ISPs notify consumers, many consumers are oblivious to the fact that their computer has been hijacked. It is essential to remediate infected computers, dismantle botnets and identify the sources of cybercrime. End users should also be expected to install antivirus software before connecting to the internet.