Robert McClelland (Barton, Australian Labor Party, Attorney-General) Share this | Link to this | Hansard source

by leave—Yesterday, Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy, and I launched National Cyber Security Awareness Week. This event is about spreading the message that we all have an important role to play in improving our cybersecurity. The internet is now a part of our daily routine, from sending emails and doing business, to reading the newspaper, planning a holiday or even searching the yellow pages. It has literally become impossible for most of us to imagine surviving a day without using the internet in some way. While the internet has the potential to make our day-to-day lives richer and easier, we must remain vigilant to our online security. Advances in the technologies we use and the reasons we use them have been accompanied by developments in the number and type of cybersecurity threats that we face. That is why the Australian government has made cybersecurity a top national security priority and has invested significantly in enhancing our cybersecurity capabilities.

Our strategy focuses on three key objectives: first, securing our own government systems; second, working in partnership with the private sector; and, third, reaching out to individual Australians to assist them to deal with problems they may encounter. Dealing firstly with the government systems, the security of government systems is important not only to ensure the continuity of services to all Australians but also to protect the personal information of citizens that governments hold. We have established the Cyber Security Operations Centre, CSOC, in the Defence Signals Directorate to provide government with the complete picture of the online security landscape and the capability to respond to cyberincidents. The Australian Security Intelligence Organisation, ASIO, has also established a specialist cyberinvestigations unit to investigate and provide advice on state sponsored cyberattacks against Australian interests. We have also announced our intention to accede to the Council of Europe Convention on Cybercrime, the only binding international treaty on cybercrime.

The government is but one player; business is also crucial. And that brings me to the second pillar of the government's strategy: working with the Australian business community. The Computer Emergency Response Team Australia, CERT Australia, as it is known, provides a direct link between government and the private sector and seeks to improve cybersecurity for all Australian internet users by developing and sharing information about significant threats and vulnerabilities within Australian businesses, including, for instance, banks, utilities and phone companies. Additionally, the internet service provider, ISP, code of practice requires internet service providers to assist home users and businesses to stay secure online. The icode, as it is known, aims to promote a cybersecurity culture within ISPs and provides a consistent approach among ISPs to inform, educate and protect their customers in relation to cybersecurity.

The Australian government have also put in place crisis management arrangements in the event of a major cyberincident. To test these arrangements, the Australian government, along with over 50 businesses and government agencies, participated in last year's international Cyber Storm III exercise. That exercise allowed us to test our preparedness for cyberthreats and to strengthen relationships with business and with our international partners. This means that if something goes wrong, the government and the private sector have drilled and can work together to fix the problem. The government are also taking action to ensure that all Australians are aware of the cyber-risks that they face and that they take steps to protect themselves online.

One very valuable tool available to home users is the Stay Smart Online website, which provides a free alert service and information on the latest cyberthreats and how to address those threats. Yesterday, the government launched the new version of the Budd:e cybersafety and security education package. Budd:e provides interactive, self-learning modules for primary and secondary school students, including advice on malware, how to secure personal information online and safe social networking practices.

Yesterday, Minister Conroy announced the development of another government initiative aimed at keeping young people safe online—that is, the Easy guide to socialising online, which aims to improve understanding of the risks associated with disclosing information about themselves online or other family members and ways in which privacy can be maintained.

I also draw the attention of parents and teachers to another program aimed at protecting children. The ThinkUKnow program has been developed by the Minister for Home Affairs and Minister for Justice, the Hon. Brendan O'Connor, and provides interactive training to parents, carers and teachers through primary and secondary schools across Australia using a network of accredited trainers. A particularly useful tool for home users is the cybersafety help button. The button is a free application that can be downloaded, giving internet users, particularly children, easy access to cybersafety information and assistance. The button is specifically designed to provide younger internet users with a confidential means of immediately noting content of concern and drawing it to the attention of authorities.

Another important initiative that I launched this week is the second edition of the highly successful booklet entitled, Protecting yourself online: what everyone needs to know. This second edition builds on the first with updates that reflect the changing cyberlandscape. It also highlights new government initiatives with links to resources to educate home users on potential risks and the starting points when looking for help.

The publication promotes eight simple steps that can significantly enhance internet security. Those steps include advice to:

(1) Install and renew your security software and set it to scan regularly.

(2) Turn on automatic updates on all your software, including your operating system and other applications.

(3) Think carefully before you click on links and attachments, particularly in emails and on social networking sites.

(4) Regularly adjust your privacy settings on social networking sites.

(5) Report or talk to someone about anything online that makes you feel uncomfortable or threatened—download the government's Cybersafety Help Button.

(6) Stop and think before you post any photos or financial or personal information about yourself, your friends or family.

(7) Use strong passwords and change them at least twice a year.

(8) Talk generally with your family about good online safety.

I encourage all members to read this booklet and promote it within their electorates. It is a good item to include in members' newsletters and I can provide members with additional information if that would assist them to promote this resource through their electorate. The booklet itself is available for download and in hard copy format.

I hope members will also take the opportunity to participate in some of the many events that are taking place as part of National Cyber Security Awareness Week.

We all have an interest in maintaining a secure internet and members of parliament can play an important part in making sure that all of the community is cybersecurity aware.

To assist members, I table a schedule of useful links and contacts on the assistance that is available for their constituents.

I now ask leave of the House to move a motion to enable the member for Stirling to speak for nine minutes.

Leave granted.

I move:

That so much of the standing and sessional orders be suspended as would prevent Mr Keenan speaking in reply to the ministerial statement for a period not exceeding 9 minutes.

Question agreed to.

Michael Keenan (Stirling, Liberal Party, Shadow Minister for Justice, Customs and Border Protection) Share this | Link to this | Hansard source

I thank the Attorney-General for his statement. As he has pointed out, cybersecurity is a top national security priority and the government has the opposition's support in enhancing our capabilities and defences. The cybersecurity challenge is vast. We have now entered the age of cyberwarfare, where one nation's offensive capabilities can paralyse a target nation, causing chaos not only in its military response but in its key economic sectors as well—banking and finance, transport, electricity, manufacturing, medical, education and, of course, government. All are now dependent on computers for their daily operations.

There are nations in our region that are known to have such an offensive capability. Of course, such is the nature of the electronic theatre that physical proximity and the problems of supply lines are no longer relevant. Australia's formidable natural defences may as well not exist in an interconnected world—in fact, at a recent computer security conference the whole cyberworld was likened to the North German plain.

This nation must therefore commit itself to the task of closing the capability gap. However, it is not just in the science fiction-like world of cyberwarfare that the threats reside. The internet and in-house computer systems are an ideal environment for terrorism, organised crime and industrial sabotage. The threat is not merely that of lost money or stolen information—many private systems are important components of our critical infrastructure, the failure of which could wreak havoc in the civilian population.

The coalition strongly supports government efforts to help maximise security in critical systems. However, as the government plans to go ahead with their National Broadband Network, it is alarming that there has been little talk from the government about the security risks that might be associated with that network. The Australian Federal Police expressed their concerns in their submission to the Joint Committee on Cyber Safety on 25 June last year. That submission stated:

The National Broadband Network is a case in point. The AFP with other Australian Government agencies is working to minimise the criminal exploitation of the NBN. The inherent risk of the NBN is that it could facilitate the continual growth and sophistication of online criminal syndicates' ability to commit cyber offences against online systems due to the attractiveness of the increased speed. Increased bandwidth available via the NBN may result in increased bandwidth available for committing or facilitating computer offences.

The submission went on to say:

The proliferation of a large number of Retail Service Providers has the potential to increase the difficulty law enforcement has to obtain telecommunications data.

The coalition strongly supports the AFP's concerns that security must be at the centre of the NBN initiative as cybercrime rises.

Also of concern to the coalition are the increasing cyberattacks on major resource companies, such as Woodside Petroleum, BHP Billiton and Exxon Mobil. It has been suggested that foreign hackers are looking for clues on government and business attitudes to major resources projects and foreign investment, along with intelligence on overseas activity.

Malicious cyberactivity is increasing to a point where systems in both government and the private sector are under continuous attack. It was alarming to hear, in February this year, that the security think tank Kokoda Foundation had released a report that concluded Australia is increasingly ill-equipped to deal with cyberattacks on the nation's energy, water, transport and communications systems. The report states that cybersecurity has become Australia's 'fundamental weakness'. The opposition is deeply concerned, given Labor's cuts to our national security agencies in the latest budget, that the government are not taking Australia's security as seriously as they should. Finally, as the Attorney-General has said, there are problems that individual Australians may encounter in the online environment every day. We are all familiar with online scams, privacy issues and cyber bullying, as well as the serious issue of the transmission of unlawful material such as child pornography and terrorist material. The Attorney has tabled a helpful list of resources available to individuals and businesses. I commend the agencies responsible for the production of this material and I endorse the Attorney's call for members of this place to keep them within our electorate offices and distribute them to our constituents as appropriate.