Michael McCormack (Riverina, National Party) Share this | Link to this | Hansard source

I'm pleased to contribute to this important motion today about the impact of cybersecurity and, moreover, the attacks that have taken place against Australia and Australians. There are many well-known sayings we're familiar with in this place: 'as safe as houses' or, as we used to say, 'as safe as the Bank of England'; and, if something was secure or impenetrable, we always used to say it was 'as secure as Fort Knox'. Well, it's no longer enough to ensure that our banks are safe and secure; our IT and online software programs need to be as well. It's more than just the buildings and the infrastructure; it's the software and the computer hard drives et cetera.

Today's motion refers to the impacts of cyberattacks on Australian businesses. Some would assume that cyberattacks are simply targeted at large organisations and corporations. I say: not so—not so at all. Unfortunately, I've seen it even locally, with such organisations as Riverina Water. Just last year, the local water supply organisation for the southern part of my electorate, servicing 73,000 people with fresh drinking and domestic water across four local government areas, had its IT systems hacked as a result of an unauthorised electronic intrusion. They are not alone. Indeed, we've heard from previous government speakers, in this and other debates, about the attacks on local governments and other organisations.

It's critical that people update their software and put those patches on. It's critical that, indeed, they do visit the various government websites—and cyber.gov.au would be a very good start—to take the steps to protect themselves, their businesses, their families and Australia's digital sovereignty. It's critical that they protect their businesses and their bottom lines, because to get hacked means that you could very well have all your information sent overseas by nefarious characters who would use it to harm you and, potentially, your families, and, indeed, Australia's digital sovereignty.

We heard some very good remarks in question time today from the Minister for Home Affairs, who talked about, last November, this government introducing into parliament, and passing, the first tranche of its critical infrastructure reforms so that our nation is much better equipped to deal with a range of threats, including cyberattacks. That was the first stage of a two-part legislative approach.

Last week, the home affairs minister introduced the second tranche of this critical infrastructure legislation into the House of Representatives. It includes changes that will deal with risk management systems and how requirements for systems of national significance are actually put in place and administered. Minister Andrews talked about the Australian Cyber Security Centre receiving more than 67,500 cybercrime reports just in the last financial year alone and that more than a quarter of those incidents were on critical infrastructure systems. She said that these critical infrastructure systems are the systems that deliver 'essential services that all Australians rely on'. They include such things as water and sewerage; energy; our banking and financial services; transport; and food and groceries. As she said, and as she reported to the House in question time today, any threat to these very vital services is a threat to our way of life. If anybody were to become complacent about these things, that would be a critical error to make, because, as I said, it's very often the case that it's small businesses, family-run businesses, that are the target of these attacks.

In an article in April 2021 in the Financial Review, it was reported that more than half of the businesses in Australia reported being cyberattacked—more than half! That is an amazing statistic. The Review reported that these businesses lost an average of four days of productivity just to get their businesses back online. The frustration, the exasperation of that when you're trying run a small business, particularly during COVID—it's difficult enough without these attacks. That's why I urge and encourage people to visit cyber.gov.au. The other thing is that half of the businesses that were impacted paid their attackers and many of them did not have their stolen data returned. There's a lesson to be learnt there.

Again, make sure you've got the right patches, make sure you have the right processes in place, and never, ever be complacent when it comes to cybersecurity.

Steve Irons (Swan, Liberal Party) Share this | Link to this | Hansard source

There being no further speakers, the debate is adjourned, and the resumption of the debate will be made an order of the day for the next sitting.