Gai Brodtmann (Canberra, Australian Labor Party, Shadow Assistant Minister for Cyber Security and Defence) Share this | Hansard source

The scourge of terrorism, tragically, seems to be an all-too-common theme in our daily news cycle. That's why Labor supports this bill, because we understand that it is crucial to ensure our national security arrangements are kept up to date and responsive to the environment. We have an obligation to keep our communities safe, to keep Australia safe and to protect the freedoms that we enjoy in our society, and, to do that, we need to ensure our systems, our methods and our responses are kept up to date in response to the scourge, as I said, of terrorism that we face, tragically, too often, almost on a daily basis.

This bill, the Defence Amendment (Call Out of the Australian Defence Force) Bill 2018, addresses that commitment to keeping Australians safe, keeping our nation safe, and protecting our freedoms. That is why it, like most areas of national security, has bipartisan support. In July 2017, the government announced a number of measures to enhance the support provided by the Australian Defence Force for national counterterrorism arrangements, and this bill is part of those measures. The Defence Act 1903, as it currently stands, outlines two types of call-out powers: an order for the Australian Defence Force to be called out immediately and a contingent call-out order whereby the ADF can be called out if specified circumstances arise. The Defence Amendment (Call Out of the Australian Defence Force) Bill amends that act to make it easier for states and territories to request ADF support; to simplify, expand and clarify the ADF's powers; to enhance the ADF's ability to respond to incidents occurring in more than one jurisdiction or across jurisdictions; and to allow for preauthorisation for the ADF to respond to threats on land, at sea and in the air, typically used as part of measures during major events such as the G20 or Commonwealth Games. State and territory police forces will remain the first responders to terrorist incidents and a call out of the ADF will only be able to be considered following a request by the state or territory.

This bill will help us respond quickly and appropriately to terrorist attacks, should they happen here in Australia. The threat is real, and the threat is now. Tragically, that is the reality for everyone throughout the world, which is why we need to be as responsive as possible and our legislation and regulations need to be as up to date as possible. In Australia, a terrorist attack is defined as an act that intends to coerce or influence by intimidation, death or danger to a person, property or the public and serious interference with, disruption to or the destruction of critical infrastructure, such as telecommunications or electricity networks. As the shadow assistant minister for cybersecurity and defence, this last point is something I am particularly interested in. In fact, it has become a bit of an obsession of mine—that is, the interference, disruption or destruction of our critical infrastructure through cyberattacks.

The Australian Cyber Security Centre's Threat report 2017 noted that CERT Australia responded to 734 incidents affecting private-sector systems of national critical infrastructure in 2016-17. This equates to significant cyber incidents occurring on these networks more than twice a day. Critical infrastructure sectors are vital to Australia's social cohesion, our economic prosperity and our public safety. They're the facilities and services that keep our hospitals operating, our homes heated, our lights on and our stores stocked. They are the facilities that keep our water running, our water clean and safe and our economy operating. The disruption of this infrastructure—either from physical or cyber-related threats—can have a serious impact on our national security, our social cohesion, our economic prosperity, our economic stability and the stability and security of the nation.

Unfortunately, Australia only addresses four sectors as being at the highest risk in the last act that was passed by the parliament a couple of months ago. We have eight other sectors that have been identified in the TISN, but unfortunately only four sectors were actually covered in the act that passed through the parliament—that is, on the bill that was debated by the government. I do regard that as a significant lost opportunity. The sectors that were discussed in that bill were electricity, water, gas and ports. Each of these sectors has experienced some form of cyberthreat in the past 12 months.

As I said when I was speaking on that bill, while we've got those four sectors that have been the subject of cyberthreats over the last 12 months, we also have the eight sectors that are identified elsewhere. These sectors are very underdone when it comes to the rest of the world. We have a focus on these critical infrastructure sectors. There are eight that we've identified that are crucial to our social cohesion, our economic stability, our prosperity and our democracy. Only four of the eight were actually included in the bill that went through just recently. The eight is a good start. Having only the four, as I said, it was a lost opportunity that the government had with that act that we debated just recently. We really do need to be starting to take the cybersecurity and the physical security of our critical infrastructure seriously. I think we can start doing that by broadening out what we classify as critical infrastructure. In the United Kingdom they've identified 13 sectors that they regard to be critical infrastructure—that is, infrastructure that is vital to the social cohesion, economic prosperity and stability of that nation. In the United States, they have 16 sectors that they've identified as absolutely critical to cohesion, stability, security and prosperity. Canada has identified 10 sectors and Singapore has identified 11 sectors. Here in Australia, as I said, we're a bit underdone in that we've got only eight sectors.

The sectors recognised by these nations that aren't necessarily recognised here include emergency services, information technology, chemicals manufacturing and electoral systems, and it's this last sector that I want to focus on. At the least, electoral systems in Australia should be treated as critical infrastructure, particularly after what we've seen in the United States and in France. We hear throughout the world, whenever an election is held, of fake news and attacks on systems. We need our democracy to be protected. We need people to maintain trust in the way our democracy and our electoral systems and processes are run. They have got to have trust and faith in the underpinnings of our democracy, which are our electoral systems—election days, the ballot system. They have got to have trust and faith in the way we conduct elections and the way the results are collated and published. They need to have trust in the integrity of those electoral systems.

In the US, they've acknowledged that their electoral systems are vital to social cohesion and to their democracy, which is why electoral systems have been recognised in the US as a critical infrastructure sector. I do encourage the government to consider including electoral systems among Australia's critical infrastructure sectors. I also encourage the government to broaden out our list of critical infrastructure sectors to make it more up-to-date and more in keeping with those of other nations, particularly our like-mindeds. As I've said, eight is pretty underdone, and recognising only four in the critical infrastructure bill was a significant missed opportunity, as was the fact that cybersecurity wasn't actually mentioned in that bill. There was no mention of cybersecurity despite the fact that cyberthreats pose as much risk to our critical infrastructure as physical threats do.

We need to think beyond just the protection of critical infrastructure from a physical perspective. We need to start thinking about the protection of critical infrastructure from a cybersecurity perspective, and we've got to start taking our critical infrastructure seriously. It's not enough only to protect the physical safety of our critical infrastructure, or to partially list those services and facilities that are vital to our cohesion, economic prosperity and public safety, or to ignore international cybersecurity standards, or to pretend that threats end where the supply chain starts.

The terrorist attacks that are addressed through this bill are not just about threats to our buildings and infrastructure. They're also threats to our way of life. The threats come not just through physical attacks but also through cyberattacks, which is why we need to start thinking more broadly about threats to this nation, not just in the kinetic sense but also in the cybersense.

In the past four years, 84 people have been charged with terrorism related offences in Australia. We know that it is real and it is now. According to the National Terrorism Threat Advisory System, it is classified as 'probable'. This bill will give our Defence Force the ability to address this probable threat. It will make it easier for states and territories to request ADF support; it will simplify, clarify and expand on the ADF's powers; and it will allow the ADF to respond to multiple incidents across different jurisdictions. It will increase Australia's security in the event of an act of violence here.

That's why Labor supports this bill. The security of our nation is at the forefront of everything we do here, and this bill will continue to lead us in the right direction to ensure a safe, secure and prosperous nation.

See this speech in context