Karen Andrews (McPherson, Liberal Party, Shadow Minister for Home Affairs) Share this | Hansard source

I move:

That this House:

(1) notes that the:

(a) Optus and Medibank data-breaches highlight the threats faced by Australians and Australian businesses from cyber-criminals;

(b) previous Government passed significant legislation to help protect Australians and our critical infrastructure from cyber-criminals; and

(c) Government's lacklustre response to the data breaches does nothing to allay the concerns and fears of Australians who may have been impacted by these cyber-attacks; and

(2) calls on the Government to support the passage of the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022, which would help law enforcement disrupt and deter cyber-criminals who engage in ransomware and cyber-extortion activities targeting Australians and Australian businesses.

I move this motion on behalf of all Australians who have been impacted by, and who remain unsure and worried about the extent of very serious cyberbreaches that have occurred in recent months—particularly, and notably, at both Optus and Medibank.

The silence from the government has been deafening on these breaches. The recent sobering annual threat assessment from the Australian Cyber Security Centre has documented our deteriorating cyber environment and has recognised cyberspace as a leading domain for warfare and crime, including extortion, espionage and fraud. The ACSC's third Annual cyber threat report revealed that it received over 76,000 cybercrime reports last financial year—a 13 per cent increase from the year before. That means the agency is receiving a report every seven minutes compared to one every eight minutes the year before.

In government, the coalition recognised the threat and took decisive action to harden our defences. We invested a record $1.6 billion to strengthen Australia's cybersecurity defences and meet emerging challenges in order to keep Australians safe. We boosted online safety with $125 million and a range of measures to keep Australians safe online, including the Online Safety Act 2021. We created new capability to identify and block SMS scams at their source. We gave police the powers they needed to police the dark web by passing groundbreaking new laws that allow law enforcement to intercept and disrupt organised criminals, paedophiles and drug pushers on the dark web and to shut down their evil trade. We introduced world-leading legislation to harden the defences of our critical infrastructure and systems of national significance, to ensure the community was better protected against serious cybersecurity incidents. We introduced the ransomware bill, referenced in this motion, which we re-introduced into this parliament and which we call on the government to support. It would create tougher penalties for cybercriminals.

And, importantly, we funded project REDSPICE in the March budget to meet the ongoing challenges we face as a nation. It's critical that project REDSPICE is delivered in full. REDSPICE is the single most significant investment to transform the Australian Signals Directorate's offensive and defensive capabilities. That's why last week I joined with my colleagues the shadow minister for defence and the shadow minister for cyber security to call on the Albanese government to guarantee future funding for offensive and defensive cybercapabilities.

The Albanese government should also support the swift passage of the coalition's ransomware bill, which increases penalties for a range of cybercrimes to give law enforcement, working in conjunction with our intelligence agencies, another tool to pursue cybercriminals. Our bill, which we first introduced earlier this year, would introduce a new standalone offence for all forms of cyberextortion so that cybercriminals who use ransomware face an increased maximum penalty of ten years imprisonment. It also introduced a new aggravated offence for cybercriminals seeking to target critical infrastructure, recognising the significant impact on assets that deliver essential services, with a maximum penalty of 25 years imprisonment. And it ensures that law enforcement can monitor and free the ill-gotten gains of cybercriminals by extending current powers that cover financial institutions to digital currency exchanges.

Mr Speaker, we don't pretend that this bill is a silver bullet, because no such thing exists, but it will present a new deterrent to these cybercriminals, and it is an important part of safeguarding Australians. Labor's absence on ransomware legislation is truly baffling, particularly when an alternative bill has been presented into this House. We on this side of the chamber remain very committed to ensuring that everything that can possibly be done is done to protect Australians. We are also concerned to make sure that Australians are given the information that they need, firstly to be able to protect themselves, but, when they have been the subject of a significant data breach or ransomware attack or any are cybersecurity incident, they are getting the information they need to protect, as much as possible, their data.

See this speech in context