Nola Marino (Forrest, Liberal Party) Share this | Hansard source

As we know, Australians do need fast, reliable, affordable and secure broadband services, and my electorate has many broadband black spots and backhaul issues. It is a seriously underserviced area, one of the underserviced areas around Australia. It should be a priority under any broadband plan to deliver to areas where not only the technology has not been available previously but also where government services have not been available previously, and I will keep working for better broadband sooner for the Forrest electorate. But, unfortunately, Labor’s National Broadband Network is not the best way to meet the needs of Forrest or the rest of Australia. If it were so, given that this is the Labor government’s fourth year in office, in my electorate the underserviced areas would have already had delivery. But now we have another never-never plan for the south-west.

Given that the National Broadband Network Companies Bill 2010 and the Telecommunications Legislation Amendment (National Broadband Network Measures—Access Arrangements) Bill 2010 relate to access, I have a number of questions about the management, engineering design and security, as well as the commercial terms. Specifically on the commercial terms: given that there will be no parliamentary oversight, how will we know whether ISPs have equitable access? How many will actually have access? This government is notorious for picking winners and losers. The lack of scrutiny and oversight will enshrine this opportunity for the government, unfortunately.

I also want to know who is responsible for the national security issues in the construction and maintenance of the NBN. The government now has this responsibility because of the total government control of the NBN. This will give the government far greater control over broadband than even the government in communist China had. But with this total government control and ownership comes total government responsibility for the national security issues of the NBN and total taxpayer liability for security breaches and commercial costs where fibre network breaches occur. The NBN places Australia in a situation where acute oversight of the NBN is a matter of national security as well as government agency and individual customer security.

Who at this moment is responsible for the security and integrity of the fibre technology and components during the construction phase? Who is doing that? Who was responsible for the engineering of this security? Who has oversight of this engineering and design? Who is making sure there are no inherent design flaws and faults that could lead to not only national security problems but also commercial or personal security breaches? Who has oversight of the physical components being used in the construction? Who is responsible for the ongoing maintenance and efficient end-to-end security of the fibre-optic cable, given the scale of the NBN? What entity will provide a report on the ongoing integrity of not only the fibre-optic cable where the fibre is installed at the premises but also the sites where the NBN connects to the wider internet? What agency will provide oversight for NBN customers as well as taxpayers that NBN Co. ensures that there is no tampering with the fibres—for instance, that there are no added illicit links? Who is responsible for the physical hardware and software security?

I understand that in the United States, the National Security Council is overseeing their form of the NBN. Do we have that same level of security here? What is the taxpayer liability for any legal action arising from evidence that breaches or tapping of the NBN fibre cable is responsible for commercial costs and losses? Who will provide the independent security audits for NBN Co.? Who will be liable if there is a serious breach in the security of the system? Who will pay?

Who is protecting our national security: will it be the entity defined in this bill—the NBN Co.—that restricts NBN Co. to business and financing activities directly related to its core function of supplying wholesale communication services? Maintaining the integrity and security of the NBN will be part of NBN Co.’s core functions, whether the government admits this or not. Cyberterrorism is a serious and growing transnational security issue. When the NBN is finally complete in 2030 or so—I think that is the latest estimate—93 per cent of all premises in Australia will be linked to the NBN single fibre loop. When the data of government departments and agencies, of hospitals, of key city and regional infrastructure, of water delivery systems, of electricity systems, of emergency services—core critical services—is concentrated, what a prime target for cyberterrorists and transnational crime it will be.

The NBN will facilitate instantaneous crime at a speed and frequency we have never experienced in this country. I was a member of the House of Representatives Standing Committee on Communications when it inquired into cybercrime. Our report stated very clearly that cybercrime is now a sophisticated transnational threat that operates on an industrial scale and has become an increasingly important issue for the global community. A report by the Kokoda Foundation, entitled Optimising Australia’s response to the cyber challenge, released on 4 February this year at the National Press Club, said:

… cyber security has become the fundamental weakness in Australia’s national security, and that the threat is poorly understood by politicians, business people and the general public.

This report was co-authored by former Deputy Chief of Air Force John Blackburn. The report identifies that Australia has reached the point where our ability to respond to internet attack is being rapidly outpaced by advances in cyberattack and cyberterrorism. The foundation also states:

A case in point is the mooted National Broadband Network (NBN) … once the network is built, taking high-speed broadband services through fibre-optic cable to an estimated 93 per cent of households, responsibility for maintaining cyber security will rest with retail service providers rather than NBN Co.

It is inconceivable that the government would try to absolve itself of any level of responsibility for internet and cybersecurity in designing, building and maintaining the fibre system. This is a national security issue. NBN Co. and the government cannot walk away from that. As I said, it will be end-to-end cyberinfrastructure on a scale never seen here or anywhere else in the world. The job of securing that system will also be of a scale that we have never experienced and it will facilitate cybercrime and cyberterrorism opportunities on a scale we have not experienced.

I strongly suggest that a former Deputy Chief of Air Force knows what he is talking about in relation to national security. Essentially, from Air Vice Marshal Blackburn’s comments, by the very nature of the interface between NBN Co. and internet service providers, our national security will by default become the responsibility of internet service providers. I am told that it is not at all difficult or expensive to tap into a fibre. In fact, a transparent tap can be applied at the point of access to the premises in about three minutes flat.

I also want to know where the 14 points of interconnect will be physically located. Who will be responsible for the impact of cyclones, flood or fire on the National Broadband Network itself, as well as the 14 or so points of interconnect? I want the Minister for Broadband, Communications and the Digital Economy, Senator Conroy, to answer this question: was the connection point for Queensland located on the flood plain and is it still located on the flood plain? Are the rest of the proposed POIs located out of high-risk areas? We have seen what has happened with floods and cyclones. This is particularly relevant, given that the majority of the fibre in Tasmania is overhead cabling. Will this be NBN Co.’s cost and risk or the taxpayers’ cost and risk? What is plan B for any major damage to the NBN’s single backhaul loop? I have discussed some of these issues with Dr Walter Green, a WA telecommunications engineer. He said it is vital for the government to build security transfer into the NBN to accommodate the transport of data.

NBN Co. only allows for 14 points of interconnection, or POIs, to be located in the major cities across Australia. I note that the ACCC recommended that 195 POIs be built. It is an unfortunate reality that just 14 POIs, or even 30 POIs, would be easy targets for terrorist groups wanting to disable or damage the country’s entire internet system. In practical terms, at least one million people, businesses and government agencies or departments will be connected to each one of these 14 POIs. They would be excellent targets for sabotage or could be exposed to national disaster. Imagine what damage could be caused and what threats to our security there would be even if you took out two or three of those. That is all it would take.

That is just one example of a serious engineering flaw; it is a national security risk. I also question whether the NBN design will handle 13 million customers, each with 100 megabits per second. That is a cumulative 1,300 terabits of data. I understand that there are only six or so one-terabit fibre links in the world right now. Does the NBN have the capacity to handle this?

The NBN will have a massive amount of traffic from customers at each POI. I ask: can it handle that volume? I note that Alcatel-Lucent, a supplier of electronic equipment to the NBN, recently prepared a security perspective of the NBN, which explained what other organisations need to do to ensure security—most of which I understand is common knowledge. But there are two main concerns with two security components that are under the control of the NBN. Firstly, the claim that it is difficult to tap into a fibre cable is false. I am informed that fibre to the premises used to be expensive until a simple low-cost method of tapping into a fibre was developed. That is the very technology that reduced the cost of fibre. The claim that it is easier to tap into copper is no longer true as these fibre-tapping devices are now widely available and it is the capacity to tap into fibre that underpins the NBN fibre rollout.

Secondly, there are two points that can be accessed at the NTU: the fibre connection and the copper ethernet connection to the devices in the home or premises. I am told that the encryption process used by a gigabit passive optical network creates another management overhead cost for carriers. Given this, will the encryption for the GPON be turned on for all network connections or will it be an extra feature that customers will have to pay for? This encryption will not necessarily provide security. I understand that the GPON encryption can be bypassed when a hacker taps into the copper ethernet connection of the network terminal unit located in protective casing, which I understand will be located at the front of the premises. That is why the building owner should have the choice of placing the NTU inside the house to prevent illegal tapping—although I note that in the current plan, customers have to pay for their NTU to be installed inside their properties.

I want to know who will maintain security at ‘the pit in the road’ point? What is to stop someone unscrewing the cap, plugging in monitoring equipment and a small wireless service, monitoring traffic for 24 hours or whatever time they want, then coming back and retrieving the information? NBN Co. claims it will encrypt the data between the premises and the POI. I wonder how the NBN will manage 13 million passwords? The minister must confirm that each customer will have their own key.

I have also been unable to secure from the minister any confident information about when the NBN will be rolled out in the south west; which towns in my electorate will be connected to the NBN via fibre cable, which will have wireless service and which would have to use satellite? Given that the NBN will only provide universal wholesale prices to retailers, will the regional and rural consumers in my electorate be paying the same amounts as metropolitan consumers, whether it is for connection to the NBN, satellite or wireless? And what proportion of the network will be installed as overhead cables? These are vital questions that deserve to be answered and I encourage the minister to respond to my constituents in a timely manner.

I see that the NBN will cost at least $50 billion. I suspect that that will be quite a conservative estimate by the time it is finally built. As we know, any prudent, responsible government would have committed to a comprehensive cost-benefit analysis. There really has been no external appraisal of the viability of the NBN. It is really incumbent on a responsible government to deal with these particular issues. We know about the growth in wireless and other technologies. The minister must answer the key questions that I have raised in relation to the management, engineering design and security as well as the commercial terms, given that there is no parliamentary oversight on whether ISPs have equitable access.

I think that these issues of security certainly need to be dealt with. The Standing Committee on Communications in its inquiry into cybercrime tabled a report called Hackers, fraudsters and botnets. A number of witnesses who gave evidence to the committee mentioned that the NBN was a future cybersecurity issue that had to be dealt with. I really want the minister to address the specific questions that I have raised in this speech today.

See this speech in context