Sally Sitou (Reid, Australian Labor Party) Share this | Hansard source

I would like to match the member for Monash's fictional reference with one of my own. I remember watching Sandra Bullock's movie The Net, a cybersecurity movie about the internet and identity theft. The movie came out in 1995 and felt like Hollywood at its story-telling best. It was long before social media, smartphones and apps, so it seemed unbelievable at the time. How could people steal your identity and conduct surveillance on you via your computer? As Sandra Bullock's character tries to explain her predicament to a sceptical lawyer, she says: 'Our whole world is sitting there on a computer. It's in the computer, everything: your DMV records, your social security, your credit cards, your medical records. It's all right there. Everyone is stored in there. It's like this little electronic shadow on each and every one of us, just begging for someone to screw with, and you know what? They've done it to me, and you know what? They're gonna do it to you.' The movie was prescient for its time because all those concerns dreamed up by scriptwriters more than two decades ago have now come to pass. In 1995, Hollywood was able to imagine just how vulnerable we would be to cyberattacks and data breaches.

Unfortunately for us, the previous government failed to show any of that foresight. They failed to create an effective incident coordination and response mechanism or set up the legislative tools to manage the consequences of data breaches. They failed to even acknowledge the significance of this threat, and we know this because they abolished the dedicated role of cybersecurity in the ministry. Those failures are made even more stark given how much of our lives has now moved online. I had to hand over my personal information to read the news, to purchase shoes and even to pay for my son's school lunches. When so much of our lives is online, more than ever, consumers need protection from fraudulent behaviour and privacy and data breaches. They need a government to be on their side to make sure that businesses have the right tools and incentives to protect our data. The Optus and Medibank data breaches demonstrated that neither were in place when we came into government. The sensitive financial identity and health data of millions of Australians has now been exposed and the potential losses these Australians face are immeasurable.

It's this government that recognises the immense harm individuals could face from cybersecurity attacks. That's why, from the very beginning of the Optus and Medibank incidents, we have had the smartest experts from the Australian government working on a response. We have put the full weight of the Australian government into finding the attackers, coordinating government responses and keeping Australians informed so they can protect themselves. The Australian Signals Directorate's Australian Cyber Security Centre, the Australian Federal Police and the Department of Home Affairs are providing significant support to help investigate these breaches. I want to thank all these men and women who are working tirelessly to help protect Australians for their professionalism. It's the Labor government that has begun the important work of protecting the personal information of Australians. We've closed the gap that the previous government left in the Security of Critical Infrastructure Act by switching on the cyber incident reporting and critical infrastructure register for the telecommunications sector.

We've appointed Australia's first dedicated Minister for Cyber Security to the cabinet, which will allow for better coordination across the government on cyberpolicy, strategy and response mechanisms. We have brought in legislation to beef up penalties for organisations that fail to protect the personal information of customers from hackers, increasing the maximum fine for serious breaches from $2.2 million to at least $50 million and giving companies an incentive to put the work and resources into protecting customer data. We've done that because Australians have a right to expect that their personal information will be protected. We are developing our new cybersecurity strategy for Australia to equip us with the tools to prevent, detect and manage the impact and consequences of cyber incidents. We need a response that will meet the challenges of our time, and this is a government that is getting on with doing that.

See this speech in context