Shayne Neumann (Blair, Australian Labor Party, Shadow Minister for Indigenous Affairs) Share this | Link to this | Hansard source

Most of us will recall where we were on 9-11. That event was so far from Australia but it hit hard at home as we felt the world turn. Overnight, international conversation shifted. When I travelled overseas in the weeks after 9-11, I saw security at airports change. In Australia, I observed a change in the national lexicon. Muslim Australians were treated with suspicion, and for a time we fell into the trap of an us-and-them mentality.

We are a nation built on migration, a country that has welcomed 7.5 million migrants since World War II—and we certainly do our bit when it comes to the 65 million displaced persons in this world. The challenge continues to grow and I would argue that we should do even better. We should be more generous when it comes to helping to resettle genuine refugees in larger numbers to this country—that was certainly Labor's position at the last election, and we continue to support this approach.

Conflicts abroad impact us here at home. We have seen an increased need to focus on and resource measures used to reinforce and guarantee our national security. We must use all tools in our toolboxes to combat Daesh and other extremist groups that seek to harm our national security and our way of life.

Australia's largest RAAF base, Amberley, is located in my electorate of Blair. Thousands of men and women are based there, and from there they deploy into warlike situations and into peacekeeping. Our servicemen and women risk their lives to protect ours and our strategic interests, often leaving their families behind in worry and anxiety. Many men and women from Ipswich and the Somerset region in my electorate have made that sacrifice. The saddest times that I have experienced as a federal member have been the repatriation ceremonies at RAAF Base Amberley—to see the bodies of brave men come home, and their families greet them in sadness and grief.

The base at Amberley plays a critical role in ensuring our national security at home and abroad. But the first and frontline security on our borders is the Australian Border Force, who operate at our international airports, our ports and at sea.

In my role as shadow minister for immigration, I visited many of our major international airports and met Border Force staff. They are able officers, who speak with passion and pride about the work they do. They thrive on well-established information-sharing relationships with security agencies at home and abroad, ensuring they get access to information that assesses risks within our national security framework. Intelligence gathering begins from the moment a traveller books a ticket to the moment they present to ABF officers at our border. The Australian Border Force has access to remarkable databases and technology—real-time assets to respond to real-time threats—and we need those because the threats have grown in the past 20 years. Between 1990 and 2010 there were approximately 30 Australians who travelled to conflict zones, with 20 returning to Australia. Those figures have risen to over 120 Australians travelling to conflict zones, and over 30 returning, from 2011 to mid-2015, often with nefarious motives.

We can take measures like relying on intelligence to cancel visas, preventing entry into Australia and using antiterrorism laws to prosecute suspected terrorists. I have long been a believer, however, that prevention is even better than cure. The Australian Border Force can protect from overseas influencers entering our country, but in partnership with that we must ensure that young, vulnerable and impressionable Australians do not have the opportunity to become radicalised. Australia's counterterrorism strategy: strengthening our resilience 2015, published by the Council of Australian Governments, is clear about the measures that governments must adopt to ensure our national security. Governments must communicate messages so that people:

… find a sense of meaning and belonging in Australia, without resorting to violence.

The strategy goes further and says:

Peaceful expression of diverse political, religious and ideological views is an important and highly valued feature of Australian life. An objective of terrorism is to undermine our values and social cohesion. We must not let this happen.

We undermine our social cohesion when our leaders point the finger at fellow Australians based on race, on our ethnic heritage and on our preconditioned biases. It does us no good in our efforts to counter terrorism when some of our leaders use baseless arguments and cheap political scoring tricks to pick on other Australians. These irresponsible statements do nothing to further our national security.

Countering terrorism is a responsibility we all share as leaders in parliament with business and other community sectors. As members of parliament we must take care to set the right tone in this debate. Rather than demonising and labelling sections of the Australian community we should focus on the positive work being done to ease the transition of migrants into our community. I am pleased to sit on the Joint Standing Committee on Migration, where we are looking at the integration of young Australians in this space. The committee is going to consider the mix and coordination of settlement services, national and international best practice in migrant settlement outcomes and prospects, the importance of the English language to migrants' and prospective migrants' settlement outcomes, and other related matters. We need to do all this to ensure people who choose to call Australia home are given the best chance in life.

The divisive nature of public comments made, however, by the Minister for Immigration and Border Protection in the last week or so pulls at the fabric of our multicultural society. The claim of the immigration minister—that the Fraser government made what he described as 'a mistake' in welcoming Lebanese families to Australia 40 years ago—was a grave political mistake. The immigration minister did not just say Australia had a problem but pointed to a whole section of the Australian community and to members of that community. Words have power and meaning; the immigration minister would do well to remember that. The Prime Minister should take immediate action to bring the immigration minister into line. He should repudiate these comments unequivocally. He knows that comments like the ones that were made last week are just the type of comments our national security agencies tell us are counterproductive to preventing radicalisation and defeating extremism. The immigration minister should be made to apologise. He should know better; he must do better.

I want to send a clear message: if Labor are in power and people post material online, those people will be found out by the agencies. If you seek to harm Australians, you will not come into this country if there is a Labor government. We welcome the finalisation of a report by the Commonwealth Counter-Terrorism Coordinator on recent overseas attacks and on the lessons we can learn. We will support a review of the way Defence and our domestic counterterrorism operations work together. We live in an age where technology has greatly benefited our society, but it also comes with tremendous risks. Cybersecurity is an important element of our national security. We are committed to making sure we use up-to-date technology so we can better protect our people, institutions, businesses and communities. It is why, when Labor were last in government, we opened the Cyber Security Operations Centre and adopted Australia's first comprehensive Cyber Security Strategy. Strategies like these are absolutely necessary when, on a daily basis, we are asked to share online so much personal information, from banking information and medical history to our intellectual property.

It is important that we have responsibility as leaders and we exercise discretion and prudence. We must place our society and our community first, we must meet the cybersecurity challenge in Australia as we move forward and we must respond to it immediately. We must not compromise our national security; we must say and do everything we can to enhance it. We are a nation built on migration with a culture shaped by those people who choose to make Australia their home. We must embrace diversity, unite our communities and celebrate what it means to live in Australia—that everyone has a fair go and everyone is treated with respect, humanity and compassion. We will always be stronger when we stand together and respect one another.

I stand on this side of parliament proudly with the Labor team. We stand with our First Australians and those who have come since to make this country our home. We are all Australians, every one of us from where we come. We must treat each other with respect, humanity and decency, and we must always be vigilant when it comes to national security.

Gai Brodtmann (Canberra, Australian Labor Party, Shadow Parliamentary Secretary for Defence) Share this | Link to this | Hansard source

The minister assisting the Prime Minister said in an address yesterday that we need to accelerate the implementation of our Cyber Security Strategy. Truer words have never been spoken, because the pace of implementation has been a crawl. We were supposed to have mandatory data breach notification laws, which Labor supports, in place by the end of 2015—by the end of last year—and we still do not have them. Here we are at the end of 2016. It took nearly seven months from when the Prime Minister announced he would pick a cyber ambassador for him to actually pick one. The recent Australian Cyber Security Centrethreat report2016 made it clear that malicious non-state actors could develop the means for a serious cyber attack on Australia within the life of this parliament. Australia cannot wait for the government to get its act together. Australia deserves better than a government that spends 18 months developing a strategy and seven months ignoring it. Australia's cybersecurity needs protecting today—right now.

On average across the developed world, online commerce accounts for six per cent of GDP per year, and it is growing. We live our lives online, and the migration of global trade and communication from the physical to the digital is irreversible. We cannot just pull the plug out of the wall. We must focus on managing the risks of the online world.

Some of the sounds the government has made on cybersecurity are promising. Some of the sounds we would like to hear, however, are not being made. It is this silence that is concerning. Emergency planners in and out of government use the term 'critical infrastructure' to refer to infrastructure that is essential to the ongoing functioning of the state. These are sectors such as communications, energy, water, transportation and information technology—or at least these are what we suppose them to be, because the government has not outlined what it does and does not consider to be critical at a level of detail and specificity even approaching what is necessary. This is a serious concern, because policymakers and security agencies need to be aware of what is and is not considered critical infrastructure, because the term comes with expectations: for security to prevent a disruption, and for resilience when a disruption occurs.

The government has apparently been working on a definition for two years now. These are the reports around town, and yet we seem no closer to a level of granularity and detail that other nations have managed. The latest we have heard on this matter is that states and territories might have more of a role than the federal government on the issue. It is true that there is a role for the states and territories. It is also true that there is a role for the private sector. And, most importantly, it is true that there is a role for uniformity across the nation, because electricity is not just important in Queensland and water is not just important in South Australia. The federal government needs to accept that it has a role in this process and stop shifting the responsibility to anybody and everybody else. That means working with the states and territories and the private sector to develop a definition and a standard to expect from those assets that fall under the definition of critical infrastructure.

Australia is experiencing a significant cyberskills shortage. With employment of ICT security specialists growing by 40 per cent in the last five years, we have set a pace that has put enormous strain on Australia's stock of qualified professionals. Businesses are frustrated by the lack of graduates coming through with requisite skills for cybersecurity. Graduates are needing years of on-the-job training following their undergraduate studies to simply bring them up to speed. The government talks about investing in education as a priority, and this is an important long-term step, but these investments will start bearing fruit in five to 10 years from now. The urgency is now. Until then, we need a strategy to bridge our skills shortage in cybersecurity, and on this issue the government is entirely silent.

More than 90 per cent of all data created in human history has been created since 2014—two years ago. We produce data with everything we do online: when we trade, when we communicate, when we upload or download anything, when we do our jobs. This data is collected and analysed to produce an impression of the person or the organisation that left it. On its own it is often insignificant, but the more we do online the more data about us is left to be collected and considered. Each single piece of data is like a pinprick in a blindfold: the more pinpricks in the fabric, the clearer the vision of what is behind it. So, as we add ever more data to the digital impression of ourselves, the approximation of who is creating it gets closer and closer to the truth, and the nearer the approximation the more valuable the data to advertisers, to governments and to cybercriminals.

By some estimates, more personal private data records were stolen in a single data breach in 2016, this year, than were stolen in every data breach everywhere in the world in 2015, last year. Just as the amount of data we produce is growing at an exponential rate, so too is the threat to its security. Australian government services and agencies collect an enormous amount of data. Australians trust that when they enter their personal information online and submit it to the ATO or Centrelink or the census the data will be kept secure.

The minister assisting the Prime Minister seems to be of the belief that the job of keeping that data secure is somebody's responsibility, but just not his. Earlier this month he is quoted to have said of his government's attitude towards public sector cybersecurity standards:

... we want each individual department and agency to take responsibility themselves, and the best way we can do that is just remind them of the need for them to take this issue incredibly seriously.

The Turnbull government does not support mandating standards for cybersecurity, despite a 2013 audit report that found that of the seven agencies it examined, none were fully secure to cyberthreats; despite 15 percent of agencies having no person responsible for cybersecurity; and despite the department of industry and the AFP declaring themselves fully compliant with the standards of central government agencies—only for a subsequent audit to find that they actually were not. It is startling that the Turnbull government would not see a need to mandate baseline levels of safety. We see wild variation in the level of security from within government and it will take more than a sternly-worded letter to bring everybody up to the same level.

On 25 October this year, hundreds of Centrelink customers had their emails disclosed, not by a hacker but by someone using the CC instead of the BCC field on their email. Centrelink then compounded the error by attempting to recall the email. That meant that every email address that was sent out by mistake the first time was sent out for a second time. So Centrelink, which the Turnbull government does not think should face mandated data security standards, has a password-reset process that relies on emails being sent manually.

As has been mentioned, the country is currently without data breach notification laws. This is despite the fact that the Joint Parliamentary Committee on Intelligence and Security recommended in February 2015 that Australia have breach notification laws in place before the end of last year. Data breach notifications have bipartisan support, so the excuse cannot be the one we often hear from the government—that it is facing too much opposition to be able to implement its own priorities. It is not law today because it is not a priority of the Turnbull government.

The digital economy hinges on trust, and trust cannot develop without disclosure. The Turnbull government speaks valiantly of its commitment to transparency and then fails to actually transparently reveal anything. The internet offers enormous productivity benefits to the economy and we have much to gain from embracing its potential, yet there are risks. It was recently reported that the Reserve Bank of Australia experiences an attempted cyber incident every two seconds. We cannot expect to never be attacked, but we must be confident that when we are attacked we will withstand it.

There are a range of issues that I would like to address from the speech that the minister made yesterday. Labor has a range of concerns. The most important is the urgency of action on climate change. There has been significant inaction by this government since the launch of the strategy in April. A successful cyber attack could scale similar levels of destruction to a conventional attack and we should treat the threat accordingly. Cybersecurity cannot be a priority on paper and an afterthought in practice.

Debate adjourned.