Andrew Hastie (Canning, Liberal Party, Shadow Minister for Defence) Share this | Hansard source

I've often said that the cyberdomain is the new international battleground. We've always thought about war in terms of air, sea and land, but if you own a smartphone and you're connected, you're on the battlefield, whether you realise it or not. This reality struck hard in September when Optus was the subject of a major cyberattack, affecting around 10 million Australians. Contact details and passport, drivers licence and Medicare numbers were compromised and hung over the head of Australians by cybercriminals. According to the Minister for Cyber Security, 2.8 million Australians had a significant amount of data taken—a serious breach—yet the minister saw it as more appropriate to tweet about the AFL grand final before publicly addressing the Optus attack.

Last month Medibank fell victim to a cyberattack where 3.9 million customers were affected. After a slow and confused response to the Optus incident, it took the minister a week to publicly respond to the Medibank hack, delaying government engagement. In a speech to parliament, the minister referred to the Medibank hack as 'an urgent wake-up call for Australia'. Yes, but it should not have been an urgent wake-up call for the government. When Australians hand over their personal data, they have a right to expect it will be protected. The annual cyberthreat report released by the Australian Cyber Security Centre last week concedes cyber incidents are growing in severity. In 2021-22 over 76,000 cybercrime reports were made, an increase of nearly 13 per cent from the previous year. That means one cybercrime report is being made approximately every seven minutes. The ACSC also reported an average of 69 calls to the cybersecurity hotline every day, an increase of 15 per cent.

These are alarming figures, yet while cybercrime is on the rise, our government is asleep at the wheel. Since the Optus attack, there has been no legislative response from the Albanese government. Instead, all we have seen the government do is host a virtual international counter-ransomware task force. Labour must ensure that there are stronger penalties in place for cybercriminals seeking to use ransomware. A private members' bill recently introduced by the opposition, based on legislation introduced by the former coalition government, would specifically reform criminal law and secure tougher penalties for all forms of cyber-extortion in the event of the exact cybersecurity issues we've been seeing. Disappointingly, in the week after we introduced the bill, Labor members on the Selection of Bills Committee blocked it from progressing for further evaluation, despite failing to provide any of their own legislation to deter cybercriminals.

While Labor stalls on legislation that the opposition is handing to them on a platter, Australians are continuing to fall victim to data breaches. I ask the government: what are they waiting for? The proof that the cyber domain is getting more dangerous is right in front of them in the ACSC's report, signed off by the Deputy Prime Minister. When will Australians stop having to pay the price for this government's inaction? In comparison, the former coalition government passed significant legislation to help protect Australians and our critical infrastructure. In November 2021, based on recommendations from the Parliamentary Joint Committee on Intelligence and Security, we passed important amendments to Australia's national security legislation to better safeguard our community and economy from cybersecurity threats. Earlier this year, we launched the National Plan to Combat Cybercrime and opened a new cybercrime centre led by the Australian Federal Police. In March, the coalition government launched the most significant single investment in the Australian Signals Directorate's 75 years—REDSPICE, a $9.9 billion project to respond to the deteriorating strategic circumstances in our region. Last week I joined my colleagues the shadow minister for cyber security and the shadow minister for home affairs in calling on the government to guarantee that project REDSPICE, funded in the March budget, will be delivered in full.

We need to see Labor commit to investing in offensive and defensive cybercapabilities, work with industry to protect Australia from the escalating cyber threat and expedite the passage of new ransomware bills. The Australian people simply cannot afford any more delays, confusion or uncertainty from the Albanese government. This government's absence on ransomware legislation is harming Australians by the day, particularly when this bill has now been presented and Labor's only response to this issue is a task force. That's why I'm calling the Labor to support the swift passage of the coalition's bill, which increases penalties for a range of cybercrimes in order to give law enforcement, working in conjunction with our intelligence agencies, another tool to pursue cybercriminals. This bill is not a silver bullet, but it is a step in the right direction towards further safeguarding our digital future. It must be supported by a broad range of legislative, policy and operational reforms. The coalition stands ready to support measures to bolster Australia's defences to the ongoing cyber threat, and the passage of this bill would be a helpful start.

See this speech in context