Thursday, 9 March 2023
Questions without Notice
Clare O'Neil (Hotham, Australian Labor Party, Minister for Home Affairs) Share this | Hansard source
I thank the member for Gilmore. She is the most passionate advocate for her community, and it's a huge privilege to sit with her in the Labor caucus. I'm really pleased to have the opportunity to speak a little bit about the huge volume of work that is happening in cybersecurity within the Australian government at the moment. I've said that Australia is about five years behind where we need to be on cybersecurity, so the first task of our government is to try to play catch-up to get us to where we should be by 2023. The future is going to hold a lot of differences in this really important policy space. We have very dangerous geopolitical circumstances that we face in our region; we have a very fast-changing technological environment, including things like AI and quantum computing, which will change the complexity and speed at which cyberattacks occur; and our lives are increasingly being lived online. These three trends are going to combine to create a very difficult challenge for us to confront in 2030, and the government is very focused on making sure our country is prepared for that.
As part of the cyber consultations for the cyber strategy, I joined the Prime Minister a couple of weeks ago at a round table of business leaders. If I can distil the comments that were made in that, they come down to this: there is enormous demand from the business community, big and small, for government to show leadership on this, and I think there's a sense of genuine relief that we have a Prime Minister who sees the urgency for us to address this really critical problem facing our country. Last year, we had the two biggest cyberattacks in Australian history, on Medibank and Optus. I think the consequences of the 'cyber slumber' that we had been in was laid bare for all to see. There were enormous consequences from those attacks. Literally millions of Australians had data stolen from them, and shared in some circumstances. It became really clear through those attacks that we had a patchwork of policies, laws and frameworks that simply were not keeping up with the challenges presented by the digital age. Voluntary measures and poorly executed plans are not going to get Australia to where we need to be by 2030. The ANAO found that three-quarters of government agencies do not meet the most basic cybersecurity obligations.
I desperately wish that those on the other side of the chamber had done more about this in the decade that they were in government but, like in so many of the portfolios behind me, it falls to us to clean up this mess. Since we were elected, we've declared 82 systems of national significance. We've set baseline security standards for critical infrastructure sectors. We've set up a collaboration between the ASD and the AFP. We've seen the Attorney-General reform privacy laws and undertake a serious review of the Privacy Act, and, importantly, the PM announced a couple of weeks ago a new coordinator for cybersecurity across the Australian government. I'm really proud to be part of a government that's taking this so seriously for the future.