Karen Andrews (McPherson, Liberal Party, Shadow Minister for Home Affairs) Share this | Hansard source

I move:

That this bill be now read a second time.

The Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 proposes criminal law reforms to implement a new standalone offence for all forms of cyberextortion and tougher penalties for those who prey on the vulnerable online.

As the current government flounders in search of a plan on a range of issues facing our nation, the coalition stands ready to advocate for and support sensible legislation in the national interest.

In this case we are putting forward legislation that is ready to go.

This legislation will ensure cybercriminals found guilty of using ransomware face an increased maximum penalty of 10 years imprisonment and those targeting Australia's critical infrastructure will receive a maximum penalty of 25 years imprisonment.

It's designed to disrupt and deter cybercriminals who engage in ransomware and cyberextortion activities targeting Australians and Australian businesses.

This bill is not new to the parliament—it was introduced in February this year to address an urgent need to combat the rising scourge of ransomware and cybercrime.

Unfortunately, time for debate and passage was not forthcoming and the bill lapsed with the dissolution of the last parliament.

As well as the standalone offence and penalties I mentioned earlier, this bill introduces an aggravated offence for buying and selling malware for the purpose of committing a computer offence and dealing with stolen data, with a maximum penalty of 10 years.

This is designed to halt the effectiveness of the ransomware business model.

Further, it ensures that law enforcement can monitor and freeze cybercriminals' ill-gotten gains by extending current powers that cover financial institutions to digital currency exchanges.

It ensures that the powers to seize digital assets, including cryptocurrency, reflect the operational environment and that confiscated funds are available for action under the Proceeds of Crime Act 2002.

In simple terms, it hits the cybercriminals where it hurts them most, and that's in their hip pockets.

These are all sensible measures that will create a greater deterrence and therefore reduce the incidence of ransomware attacks on individuals and businesses.

I am not suggesting that this bill on its own is the solution to all challenges relating to cybercrime. Indeed, it was just part of a suite of reforms that we were planning to introduce to build even stronger cybersecurity and law enforcement capabilities to protect Australian businesses and communities.

But it is a step in the right direction. It is a positive move. And certainly in the last parliament there appeared to be bipartisan support for these measures.

So, today, I implore those opposite to support this bill.

It is literally ready to go. It has not been significantly altered in any way—it has been carefully crafted by government legislators.

In opposition, the Labor Party repeatedly called for legislation to address the threat of ransomware. They said it was urgent. But I did not see any mention of ransomware legislation in their first 100 days, and certainly no legislation on it has been presented in this place.

There have been plenty of reviews and summits, but where is the sensible, practical action?

The most sensible thing they can do today is to put their pride and ideology aside and support this bill in the national interest.

Let's achieve something together.

This bill has no budgetary impact. It's literally about giving law enforcement agencies the tools they need to pursue and prosecute ransomware gangs and track, freeze and seize their illegally and dishonestly acquired gains.

While Labor waits to come up with a plan, cybercriminals are coming up with new ways every day to use malware and, specifically, ransomware to do us real and long-lasting harm.

I note with great regret that the government have indicated that they are basically 'tearing up' the Cyber Security Strategy 2020, which was a $1.67 billion investment over 10 years.

Whilst they're in government, it is their call to do so.

But why would you cast uncertainty over a range of cybersecurity programs?

Why would you say that you're getting rid of something when you don't know what you're going to replace it with?

Where's the policy detail? Because it wasn't in the one-paragraph 'policy' Labor had before the election, which contained a motherhood statement about 'lifting cyber-resilience across the whole nation' and 'appointing a dedicated cybersecurity minister'.

That was the extent of their cyberpolicy. So, I guess that they consider that giving the Minister for Home Affairs a secondary ministry title delivers that promise.

But, as we all know, that is just symbolism—it doesn't stop a single cyberattack.

Now, I put to those opposite that there is something positive and tangible that they can do right now that can help stop cyberattacks—they can support this bill and they can do so in the best national interests.

In the brief time that is left to speak on this bill, I would like to give the member for Fisher the opportunity to speak, and, in doing so, I take the opportunity to congratulate him on his election to the very important role of Deputy Chair of the Parliamentary Joint Committee on Intelligence and Security.

See this speech in context