Mark Dreyfus (Isaacs, Australian Labor Party, Shadow Attorney General) Share this | Hansard source

Labor have a long track record, stretching back to the foundation of our party, which reflects our understanding that it's the paramount responsibility of all parliamentarians, whether in government or in opposition, to keep our community safe and our nation secure. That's why Labor has consistently worked, both in government and in opposition, to ensure that our intelligence and law enforcement agencies have the powers and resources they need to carry out their vital roles. We know that the security threats we face are changing and we will continue to work constructively with the government to ensure that our laws are adapted to meet those threats. Consistent with our commitment to national security, Labor supports the Security of Critical Infrastructure Bill 2018 and the related Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2018. We support these bills because we recognise the need to manage national security risks arising from the possibility of malicious interference in our critical infrastructure. Labor believes these bills strike an appropriate balance, imposing only the necessary and relatively minor regulatory requirements needed to improve the management of potential threats to our critical infrastructure.

The Security of Critical Infrastructure Bill provides 'a risk based regulatory framework to manage national security risks from foreign involvement in Australia's critical infrastructure'. The bill focuses primarily on the risk of sabotage, espionage and coercion in Australia's highest risk critical infrastructure sectors of electricity, gas, ports and water. Labor recognises that involvement in the Australian economy by foreign entities and individuals, particularly in the development and maintenance of Australian infrastructure, plays an important and beneficial role in supporting economic growth, creating employment opportunities, improving consumer choice and promoting competition. It also makes Australia an attractive destination for investment in foreign markets. However, with increased privatisation of Australia's critical infrastructure, frequent outsourcing and offshoring of supply chain arrangements, and the fact that Australia's international investment profile is changing, critical infrastructure is increasingly exposed to the risk of sabotage, espionage and coercion. This bill is an appropriate step to inhibit malicious conduct undertaken covertly which may have damaging implications for Australian society.

The regulatory framework in the bill is modelled substantially on the telecommunications sector security reforms, which were enacted last year as the Telecommunications and Other Legislation Amendment Act 2017. These reforms include, first, a security obligation on all telecommunications carriers, carriage service providers and carriage service intermediaries who will, under the reforms, be required to do their best to protect networks and facilities from unauthorised access and interference, including a requirement to maintain competent supervision and 'effective control' over telecommunications networks and facilities owned or operated by them. All carriers and nominated carriage service providers will be required to notify government of planned changes to their networks and services that could compromise their ability to comply with the security obligations. This is markedly similar to the notification concept that is contained in the bill that's now before the House. Further, the Secretary of the Attorney-General's Department has the power to obtain information and documents from carriers, carriage service providers and carriage service intermediaries to monitor and investigate their compliance with the security obligations.

Similarly, in the telecommunications sector, the Attorney-General has a new directions power to direct a carrier, carriage service provider or carriage service intermediary to do or not to do a specified thing that is reasonably necessary to protect networks and facilities from national security risks. Labor supported the telecommunications sector security reforms because Labor considered the codification of pre-existing beneficial relationships between government and the telecommunications sector would give greater certainty that as ownership of Australia's telecommunication infrastructure changed, the government would continue to process the appropriate mechanisms to work constructively with the sector to safeguard vital infrastructure.

It's worth saying about the telecommunications sector security reform that it was a long time in the making. Labor commenced the work on the telecommunication sector security reforms in around 2010. They were the subject of consideration by the Parliamentary Joint Committee on Intelligence and Security in a lengthy inquiry in 2012, and recommendations were made in a subsequent report of the Parliamentary Joint Committee on Intelligence and Security that further work be done to develop the telecommunication sector security reforms. They eventually came forward and became law in the Telecommunications and Other Legislation Amendment Act 2017, when that was finally brought forward.

No harm occurred because of the time that it took to bring to the parliament the codification that's bound up in the telecommunications sector security reforms legislation for the pretty simple reason that there is a very high degree of cooperation between telecommunications sector companies and the government of Australia. There has been a very high degree of cooperation for a very long time in relation to national security matters, and the purpose of the telecommunications sector security reform legislation was actually not to deal with any problem that had arisen up to that point—or even up to now—with cooperation from telecommunication sector companies and the government in relation to national security matters. Rather, the purpose of the legislation was to ensure that if any problem did arise in the future where a national security issue arose and action was needed from a telecommunications sector company, and in the event—and I'd have to say in the unlikely event—that the telecommunications sector company declined to cooperate with a request by government, the government would have not only the necessary powers to require that information be produced but, in addition, the necessary power to direct the telecommunications sector company to undertake actions that were required to protect Australia's national security.

The TSSR legislation applies to around 280 active carriers and a further number of carriage service providers. What's occurred in the Security of Critical Infrastructure Bill 2018 that's now before the House is that the model that was devised for the telecommunication sector security reforms has been applied here in relation to critical infrastructure. The Security of Critical Infrastructure Bill adopts a very similar regulatory structure to the telecommunications legislation. In contradistinction to the rather larger number that the telecommunications law applies to, the Security of Critical Infrastructure Bill will apply to the owners of around 140 critical infrastructure assets. As I've said, those critical infrastructure assets are ports, electricity, gas and water assets. Some of them are owned by private sector entities and some of them are owned by state government entities.

As with the telecommunications sector, Labor supports the need for regulation of the sectors which have these critical infrastructure assets. This will ensure that critical infrastructure assets, where they are partly owned by foreign entities—perhaps I should say particularly where they are partly owned by foreign entities—are still subject to control and direction by the Commonwealth. It's fundamental to the maintenance of the security, safety and prosperity of Australians that the owners of critical assets can be required to provide relevant information to government and that in times of emergency they can be directed to ensure that the needs of Australian society are met. This was a sentiment shared by state and territory governments and by industry and peak organisations, who have all expressed support for this bill in submissions to the Parliamentary Joint Committee on Intelligence and Security. This sentiment was not a new resolve but, rather, the agreement for a mechanism that allows both information gathering and directions powers for critical infrastructure assets.

In essence, this bill is a formalisation of longstanding conventions under which industry assists the government of the day to ensure control over electricity assets, gas assets, water assets and ports—of course, always in relation to any national security problem that might arise.

As I pointed out in relation to the telecommunications sector security reform, this legislation is not being introduced to deal with any actual problem that has arisen in dealings between the owners of these around 140 critical infrastructure assets and the national government. Rather, the legislation is being introduced to ensure that in any future eventuality, where the owner of one of those critical infrastructure declines to cooperate with a government request in relation to a national security matter or declines to cooperate with a government request for information about some aspect of a critical infrastructure asset that relates to a national security issue, the government will have the power to compel the production of information and to ensure that the government will have the power to direct an owner of a critical infrastructure asset to take a particular action that is needed for Australia's national security.

The bill presently sets out water, electricity, gas and ports above a certain threshold as critical assets. It will be obvious to the House that these assets are all fundamental to the daily functioning of households and businesses. The bill defines a 'critical water asset' under clause 5 as 'a water or sewerage system or network that is used to ultimately deliver services to at least 100,000 water connections or 100,000 sewerage connections under the management of a water utility'. That will give the House some idea of the scale of assets that are dealt with in this Security of Critical Infrastructure Bill. It's self-evident that all Australians require a clean and reliable supply of water and that disruption to Australia's water supply or water treatment facilities could have major consequences for the health of citizens, the viability of all institutions in Australian society, and the economy.

Similarly, a critical electricity asset is set out in clause 10(1)(a) as:

(a) a network, system, or interconnector, for the transmission or distribution of electricity to ultimately service at least 100,000 customers.

That provides the criticality for an electricity asset. The proper functioning of the Australian economy requires electricity, self-evidently, and keeping the lights on in Australian homes is a fundamental and basic necessity. It's clear that electricity assets providing transmission and distribution services across the country also form a core part of the nation's critical infrastructure.

A critical gas asset is defined in clause 12 of the bill as:

(a) a gas processing facility that has a capacity of at least 300 terajoules per day or any other capacity prescribed by the

rules;

(b) a gas storage facility that has a maximum daily quantity of at least 75 terajoules per day or any other quantity prescribed by the rules;

(c) a network or system for the distribution of gas to ultimately service at least 100,000 customers or any other number of customers prescribed by the rules;

(d) a gas transmission pipeline that is critical to ensuring the security and reliability of a gas market, in accordance with 3 subsection (2).

It is axiomatic that gas in Australia—like the other two services that I mentioned, water and electricity—is important. It is a required element for a wide range of industrial, commercial and residential uses, and it is an increasingly important export commodity as well.

Gas is particularly important for gas powered electricity generators, which account for approximately 20 per cent of Australia's electricity, and for manufacturing, which relies on gas for approximately 40 per cent of net energy requirements. We expect these numbers will grow as Australia transitions to a clean energy economy. Accordingly, the protection of gas infrastructure as a critical asset will grow, not diminish, over time. By defining the level of criticality, the bill limits the regulatory burden to Australia's largest and highest-risk critical assets. That is how we get to the 140 assets that are going to be the subject, potentially, of this regulatory scheme.

The bill will supplement the existing Foreign Investment Review Board's mechanism through which the Commonwealth can implement mitigations. However, because this only applies to foreign investments above certain thresholds at the time of the proposed transaction, it is not possible to use the FIRB mechanism to address risks in outsourcing or offshoring for assets owned by domestic entities or where sales fall outside of the FIRB screening thresholds. Accordingly, the creation of the security of critical infrastructure framework will improve upon existing safeguards that protect critical assets.

In practice, the Security of Critical Infrastructure Bill 2018 will add to the work currently undertaken by the Critical Infrastructure Centre, which collaborates with asset owners, asset operators and state and territory regulators to identify risks, implement asset-specific mitigation strategies and develop sector-wide best practice guidelines. The Critical Infrastructure Centre engages with asset owners and operators through the Trusted Information Sharing Network and directly, as needed.

The Parliamentary Joint Committee on Intelligence and Security conducted an inquiry into this bill and heard from a range of affected industries, including peak industry bodies and other interested parties. I thank the members of the Parliamentary Joint Committee on Intelligence and Security for the customary cooperative work that the committee was able to undertake on this inquiry, which resulted in nine recommendations that the committee has made to the government and the parliament.

In recommendation 1, the committee recommended that the Department of Home Affairs, in consultation with the Department of Defence and the Department of the Environment and Energy, review and develop measures to ensure that Australia has a continuous supply of fuel to meet its national security priorities. As part of developed measures, the committee recommended that the Department of Home Affairs should consider whether critical fuel assets should be subject to the regulatory regime which is being established by this bill. The committee considered that the department should conclude this review within six months. As a member of the committee, I note that the committee would like the department to brief the committee on the outcomes of the review, following its conclusion.

There was some consideration in the inquiry about fuel as an additional aspect to critical infrastructure. Again, it's self-evident that Australia is highly reliant on fuel infrastructure. Australia is presently almost entirely reliant on imported fuel. There are issues about storage of fuel in Australia. The purpose of this first recommendation of the committee was to invite the Department of Home Affairs and the other government departments mentioned to consider seriously whether or not fuel related infrastructure should be added to the categories dealt with by this new regulatory regime.

In recommendation 2:

The Committee recommends that the Department of Home Affairs examine the viability of developing a common data entry portal for use across Commonwealth, state and territory databases that require information from the same reporting entities.

This would limit the amount of reporting and allow the distillation of relevant information used by governments at Commonwealth, state and territory levels. A number of submitters to the inquiry made the point that all of them operate in highly regulated environments already. That, again, is self-evident: gas, water, electricity and ports are regulated by not only a range of Commonwealth laws and regulations but also a range of state laws and regulations and, in some cases, local council by-laws. All of those laws and regulations at local, state and Commonwealth levels require the owners of these 140-odd infrastructure assets to provide both a whole lot of information when they are setting up these particular assets and a whole lot more information to local, state and federal governments on an ongoing basis, often with annual reporting requirements. It's obviously desirable that these owners of critical infrastructure assets not be burdened with yet another disparate level of regulation or information provision requirement. If it's possible to develop some kind of standardisation of the information they're required to provide to local, state and federal governments, it will not only make the task of the owners of these critical infrastructure assets easier but also probably improve comprehensibility of the information provided and ready access by the national government to the information relevant to national security issues. It's desirable that the viability of a common data entry portal at least be examined, as the recommendation suggests.

In recommendation 3:

The Committee recommends that the Department of Home Affairs develop guidelines for entities subject to the Security of Critical Infrastructure Bill 2017. The guidelines should:

These guidelines should be made available prior to the end of the three-month transition period.

Again, this is consciousness on the part of the members of the committee that it's very important that ease of use and lightness of application be considered with any new regulatory scheme, that the obligations cast on the owners of critical infrastructure assets should not be any heavier than they need to be and that, in aid of that lightness of touch, guidelines ought to be developed so that owners of critical infrastructure assets immediately understand exactly what is required of them by this new regulatory scheme.

In recommendation 4:

The Committee recommends that the Security of Critical Infrastructure Bill 2017 be amended to more appropriately define direct interest holder in order to capture the intended full range of ownership arrangements.

Further, the Explanatory Memorandum and the Bill should clarify that:

The government has implemented this recommendation in amendments passed in the Senate today.

In recommendation 5:

The Committee recommends that the Department of Home Affairs include in guidelines to be developed for entities subject to the Security of Critical Infrastructure Bill 2017, information regarding:

In recommendation 6, the committee recommended that the explanatory memorandum to the bill be amended to list the factors that the secretary must have regard to when deciding whether to disclose protected information under proposed sections 42 and 43 of the bill. Factors should include whether the disclosure is consistent with the object of the bill, and whether the purpose of the disclosure is proportionate to the sensitivity of the information being disclosed. The government has implemented this recommendation in tabling the explanatory memorandum in the Senate today.

In recommendation 7, the committee recommended that the explanatory memorandum to the bill be amended to clarify that the bill does not affect the operation of existing privacy obligations. In particular, the explanatory memorandum should clarify that proposed section 39 does not affect the operation of Australian Privacy Principle 11.2, and that the Department of Home Affairs as the administering agency would need to destroy personal information if it were no longer necessary. The government has implemented this recommendation in tabling the supplementary explanatory memorandum in the Senate today.

In recommendation 8, the committee recommended the bill be amended to require the relevant minister to provide to the subject entity notice of an adverse security assessment given in connection to the bill and merits review rights. The committee considered that the bill should be amended to align with requirements under section 38A of the Australian Security Intelligence Organisation Act 1979. The government has implemented this recommendation in the amendments passed in the Senate today.

In recommendation 9, the committee recommended the bill be amended to require the Parliamentary Joint Committee on Intelligence and Security to review the operation effectiveness and implications of the reform, commencing within three years of the bill receiving royal assent. The review should consider the appropriateness of a unified scheme to cover all critical infrastructure assets, including telecommunications assets. As I indicated at the start of these remarks, this particular regulatory scheme is modelled on, and is very close to, the regulatory scheme that forms part of the telecommunications sector security reforms. In conducting the review, the recommendation was that the Parliamentary Joint Committee on Intelligence and Security should also consider circumstances where the minister has used the declaration power under section 51. The government has implemented this recommendation too in amendments passed in the Senate today.

Regulatory schemes such as that proposed in this bill work best in a dialogue between government and the affected industries. Industry, government and the community all benefit from asset owners knowing in advance what is required of them and taking necessary steps without government needing to resort to regulatory enforcement. Labor believes that the committee's recommendations make it easier for the bill to achieve these ends. Accordingly, Labor supports the amendments which have been made by the government, which give effect to the recommendations of the Parliamentary Joint Committee on Intelligence and Security.

Those recommendations not requiring amendments to the bill or amendments to the explanatory memorandum were also all accepted by the government. It's a demonstration of the value of the collaborative and bipartisan processes of the Parliamentary Joint Committee on Intelligence and Security. Labor members worked collaboratively on the PJCIS, and we thank the government for its acceptance of the recommendations made in the inquiry. These bills are a useful addition to the regulatory architecture that protects and maintains critical infrastructure assets which are important to Australia's security and its continuing economic and social wellbeing. I commend these bills to the House.

See this speech in context