Anne Aly (Cowan, Australian Labor Party) Share this | Hansard source

The internet has become a ubiquitous part of our lives, especially among young people who have been called AORTAs—always online and real-time available. In 2010, I presented a paper at the International Cyber Resilience Conference following the release of the Labor government's 2009 Cyber Security Strategy which recognised cybersecurity as a top-tier national security priority. The paper I presented was entitled Building resilient cybercommunities. In that paper, I spoke of the human link in the security system as being the most vulnerable and the need to improve both individual and business culture towards cybersecurity.

I spoke about the need to raise awareness and educate people about the importance of maintaining strong and robust cybersecurity habits—things like ensuring our passwords are safe, logging off when leaving the office and being aware of suspicious messages. These may seem like small and insignificant actions, but the impact of not having a resilient cyberculture can be devastating to business. The 2016 IBM cost of data breach study found that the average organisational cost of data braches for the year was $2.64 million in Australia. That is a per capita cost of $142. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain and, as a result, they have the highest cost per record. But around one-third of data breaches were due to human error.

For individuals the impact can be equally disastrous, ranging from fairly minor inconveniences caused by malware to leaking of private photographs to identity theft. The recent leaking of explicit photos involving Perth schoolgirls underscores the urgency of a comprehensive cybersecurity education campaign to educate young people about the risks involved in posting private and intimate information online, particularly in an age when the so-called 'selfie culture' has infiltrated traditional boundaries of privacy and confidentiality.

It can sometimes be difficult for those of my generation—and forgive me for making generalisations here—to understand just how hardwired the lives of young people are, but understand it we must. It is not enough to just tell young people about the dangers of posting personal information or explicit photos online just as it is not enough just to tell young people about the dangers of engaging with certain violent extremist messaging online. We need comprehensive strategies in place that are build on an understanding of both positive and negative opportunities the internet offers, and we need to harness the positive and guard against the negative.

But it is also not enough for governments to tell people about the importance of cybersecurity while its own systems remain vulnerable to attacks and breaches. The ABS has reported 14 data breaches since 2014. Most recently, of course, we had the major denial of service attack on the 2016 census. A recent Four Corners investigation reported that sensitive Australian government and corporate computer networks have been penetrated by cyberattacks in the last five years. Newstat Limited, whose assets were sold off last year, was among those and was so completely hacked that it had to rebuild its entire network. And of course the most recent breach of Medicare and PBS data again reminds us that government is not immune. I reiterate the words of Labor's shadow minister for health that the government's 17-day delay in admitting the breach is simply unacceptable, particularly when there are reported to be around 1,500 downloads of that data.

While I rise today to commend any efforts to increase awareness of cybersecurity and individual responsibility in creating strong and resilient cybercommunities, I also rise to remind this government that they too above all have a responsibility to ensure that they take cybersecurity seriously. This should not be a case of 'do as I say and not as I do'. The government should lead by example, and cybersecurity starts with and ends with this government.

See this speech in context