Andrew Hastie (Canning, Liberal Party, Assistant Minister for Defence) Share this | Hansard source

I will respond to the motion. I thank the members for Clark and Kennedy for moving this motion. I know they are both coming from the same place. Both have served our country in uniform, and I know they both appreciate the growing threats to our security in the region. I understand their keen interest in this matter. It's an interest that I share. It's an interest that many Australians share. Members may recall that I made comments about this matter some years ago as a backbencher, and they are views that I still hold.

Australia's digital sovereignty is near and dear to my heart, as it is to the hearts of the members behind me on this side of the chamber as well. It goes without saying that the use of mission data is critical to the successful conduct of defence operations both in war and in peace. The way we manage our data security and our data management is central to our ongoing relationship of trust with the Australian people, which is why the Global Switch Ultimo data centre has been such a lightning rod in the public square. I can assure the members for Clark and Kennedy that Defence has migrated its most sensitive data to a purpose-built data centre. Consistent with the whole-of-government hosting strategy, Defence data migration of sensitive ICT data and assets was completed ahead of schedule and under budget prior to the expiration of the original Global Switch Ultimo lease in September 2020. In fact, the most sensitive defence data was removed from GSU in May 2020. Defence is progressing work to migrate less sensitive and unclassified data assets to an alternative data centre through a rigorous risk based approach to ensure there is no adverse impact to defence operations. Additionally Defence has comprehensive security controls in place of GSU to protect against compromise by a foreign power or other malicious actors.

I reiterate to the members and for the benefit of the House, control and access to the data storage issue remains under the full control of the Australian government. The facility was designed with multiple layers of physical and cybersecurity controls. Physical security arrangements are accredited by relevant government agencies and include 24/7 security presence, closed circuit television monitoring, sensors and alarms. The Defence Security Operation Centre provides 24/7 cybersecurity protection. A secure gateway provides further assurance to prevent unauthorised access. In combination, these measures represent the highest level of security assurance. Indeed, this is something I've repeatedly pressed to my department. Ronald Reagan, back in the eighties, made famous the Russian proverb: 'Trust, but verify.'

Mr Katter interjecting—

Mr Wilkie interjecting—

Member for Kennedy, member for Clark, I don't just take the departmental officials' word as gospel. My eagle eye will be on this problem going forward, and I will be seeking additional updates, as I did last week, because my concern is no different to yours.

I know the Minister for Defence is also keenly aware of this issue, and we will both be monitoring this process carefully to ensure it happens as quickly as possible. Again, the strength of our foreign investment rules and the fact that Defence retains full control of its GSU data provides the highest level of assurance as we complete the migration of the remaining defence information. The fact remains, consistent with the Whole-of-Government Hosting Strategy, Defence has migrated all sensitive ICT assets from the Global Switch Ultimo data centre prior to the expiration of the original GSU lease last year. Member for Clark, member for Kennedy, had I been a decision-maker many years ago, this would never have happened. But I'm here now, and we're working through this problem.

Debate on this motion is a good place to make a few points on the importance that I place on Defence becoming a more data informed organisation. In the years ahead, data and the management of data will be critical to our nation's security. I've always been of the view that Defence needs to adopt a disciplined approach to how information is collected, stored, analysed and, most importantly, how data is distributed across the force. A defence data strategy is well in the planning to guide data management and improve data literacy. This is critical to Defence becoming a more mission focused organisation.

Data is critical. This is clear from the 2020 Defence Strategic Update and the Defence Transformation Strategy—I'm sure they're documents we've all read. The Defence Transformation Strategy provides the vision and framework for the long-term enterprise-wide transformation. This will enable Defence's capacity to adapt as our strategic circumstances change, and on page 36 the strategy makes clear:

In developing the Defence Transformation Strategy, senior leaders emphasised that our Defence culture must recognise the criticality of data to everything that we do, and adopt a far more disciplined and deliberate approach to how information is collected, stored, analysed and applied in decision making processes.

At a more local level there are things that all Australians can do to ensure we are strengthening our digital sovereignty. We live in a data-rich world. This is a new reality for many Australians. The internet is now the neural system of our lives. Over the pandemic we've migrated much of our lives online—a whole host of services from news, to work, to social media. It's also important to our economy, and it's the lifeblood of our democratic society. Whilst our lives online present many opportunities, it also presents threats and challenges. Just as government organisations need to take data and cybersecurity seriously, Australians too can do their bit.

Many members would remember last year on 1 July when the Prime Minister at the Australian Defence Force Academy launched the 2020 Defence Strategic Update. The strategic head winds are blowing hard, and we are straddling vast change in the Indo-Pacific region where we're seeing the greatest geo-strategic competition between nation states, we're seeing militaries modernise and we're seeing the use of grey-zone tactics to coerce states below the threshold of conventional warfare. Cyberwarfare and espionage are grey-zone activities used by nation states to undermine their competitors' sovereignty and also to break apart habits of cooperation in the Indo-Pacific region. Cyber is a new battlefield, and, whether we like it or not, we are all joined in an online contest to preserve our personal security but also our digital sovereignty as a country.

We can't be complacent. I know the government is not complacent. Defence is not complacent. No government has done more to strengthen the foreign investment rules in protecting our national sovereignty than this one. I know the member for Kennedy and the member for Clark won't be completely satisfied, but this is a work in progress, and we've done a lot over the last seven years. No government has done more to strengthen our national security than this one. Being the Chair of the Parliamentary Joint Committee on Intelligence and Security over the last four years, I've seen the body of legislation that has passed through that committee and into law through both houses of this parliament. We take these issues very seriously, and we are getting on with the job of ensuring that our critical data is safe and under control. I thank the member for Kennedy and the member for Clark for this motion. As always, my office door is open to you both—and to anyone else who would like further information on this issue.

See this speech in context