Karen Andrews (McPherson, Liberal Party, Shadow Minister for Home Affairs) Share this | Link to this | Hansard source

I move:

That this bill be now read a second time.

The Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 proposes criminal law reforms to implement a new standalone offence for all forms of cyberextortion and tougher penalties for those who prey on the vulnerable online.

As the current government flounders in search of a plan on a range of issues facing our nation, the coalition stands ready to advocate for and support sensible legislation in the national interest.

In this case we are putting forward legislation that is ready to go.

This legislation will ensure cybercriminals found guilty of using ransomware face an increased maximum penalty of 10 years imprisonment and those targeting Australia's critical infrastructure will receive a maximum penalty of 25 years imprisonment.

It's designed to disrupt and deter cybercriminals who engage in ransomware and cyberextortion activities targeting Australians and Australian businesses.

This bill is not new to the parliament—it was introduced in February this year to address an urgent need to combat the rising scourge of ransomware and cybercrime.

Unfortunately, time for debate and passage was not forthcoming and the bill lapsed with the dissolution of the last parliament.

As well as the standalone offence and penalties I mentioned earlier, this bill introduces an aggravated offence for buying and selling malware for the purpose of committing a computer offence and dealing with stolen data, with a maximum penalty of 10 years.

This is designed to halt the effectiveness of the ransomware business model.

Further, it ensures that law enforcement can monitor and freeze cybercriminals' ill-gotten gains by extending current powers that cover financial institutions to digital currency exchanges.

It ensures that the powers to seize digital assets, including cryptocurrency, reflect the operational environment and that confiscated funds are available for action under the Proceeds of Crime Act 2002.

In simple terms, it hits the cybercriminals where it hurts them most, and that's in their hip pockets.

These are all sensible measures that will create a greater deterrence and therefore reduce the incidence of ransomware attacks on individuals and businesses.

I am not suggesting that this bill on its own is the solution to all challenges relating to cybercrime. Indeed, it was just part of a suite of reforms that we were planning to introduce to build even stronger cybersecurity and law enforcement capabilities to protect Australian businesses and communities.

But it is a step in the right direction. It is a positive move. And certainly in the last parliament there appeared to be bipartisan support for these measures.

So, today, I implore those opposite to support this bill.

It is literally ready to go. It has not been significantly altered in any way—it has been carefully crafted by government legislators.

In opposition, the Labor Party repeatedly called for legislation to address the threat of ransomware. They said it was urgent. But I did not see any mention of ransomware legislation in their first 100 days, and certainly no legislation on it has been presented in this place.

There have been plenty of reviews and summits, but where is the sensible, practical action?

The most sensible thing they can do today is to put their pride and ideology aside and support this bill in the national interest.

Let's achieve something together.

This bill has no budgetary impact. It's literally about giving law enforcement agencies the tools they need to pursue and prosecute ransomware gangs and track, freeze and seize their illegally and dishonestly acquired gains.

While Labor waits to come up with a plan, cybercriminals are coming up with new ways every day to use malware and, specifically, ransomware to do us real and long-lasting harm.

I note with great regret that the government have indicated that they are basically 'tearing up' the Cyber Security Strategy 2020, which was a $1.67 billion investment over 10 years.

Whilst they're in government, it is their call to do so.

But why would you cast uncertainty over a range of cybersecurity programs?

Why would you say that you're getting rid of something when you don't know what you're going to replace it with?

Where's the policy detail? Because it wasn't in the one-paragraph 'policy' Labor had before the election, which contained a motherhood statement about 'lifting cyber-resilience across the whole nation' and 'appointing a dedicated cybersecurity minister'.

That was the extent of their cyberpolicy. So, I guess that they consider that giving the Minister for Home Affairs a secondary ministry title delivers that promise.

But, as we all know, that is just symbolism—it doesn't stop a single cyberattack.

Now, I put to those opposite that there is something positive and tangible that they can do right now that can help stop cyberattacks—they can support this bill and they can do so in the best national interests.

In the brief time that is left to speak on this bill, I would like to give the member for Fisher the opportunity to speak, and, in doing so, I take the opportunity to congratulate him on his election to the very important role of Deputy Chair of the Parliamentary Joint Committee on Intelligence and Security.

Milton Dick (Speaker) Share this | Link to this | Hansard source

Is the motion seconded?

Andrew Wallace (Fisher, Liberal National Party) Share this | Link to this | Hansard source

I second the bill and I'm pleased to do so for this bill that's been introduced by the shadow minister for home affairs. Like many bills which I've spoken in support of in this 47th Parliament, this bill is coalition policy which, because of the effluxion of time, was unable to be passed in the 46th Parliament. Last year, the coalition launched our ransomware action plan, a practical response to the menace of ransomware attacks which affect Australian families and their businesses and, indeed, communities the world over.

Technology is advancing beyond measure, and both organised crime and sophisticated state actors continue to wreak havoc with our global rules based order. It is essential that the Australian government do what it takes to protect our critical infrastructure.

Ransomware attacks have affected some of our most important services on the Sunshine Coast—and I'm referring to, for example, Uniting Care's Buderim Private Hospital, which is just a stone's throw from my electorate. We are seeing attacks on construction, health care, manufacturing and media. And just last week there was an attack, which we're all aware of, on Optus and its nine million Australian customers.

One in three organisations around the world were affected by ransomware attacks in 2021, costing the global economy over $30.3 billion. This is tipped to rise to $402 billion by 2031. And Australia is not immune, with an estimated cost of as much as $2.59 billion lost each year.

It's vital that our law enforcement agencies are empowered to detect, disrupt and deter cybercriminals and foreign state actors who seek to do us harm. That is why the coalition introduced this bill, and, but for the lack of time, it might well have already been law. I want to congratulate the shadow home affairs minister on this initiative—on going onto the front foot in the absence of a credible, or in fact any, bill from the government. This is a bill that, as the shadow minister has pointed out, was introduced in the last parliament. It's ready to go. This is a bill that, for all intents and purposes, the government were prepared to accept and work with us on, in a bipartisan manner. Well, they haven't taken the initiative. The opposition have, at the behest of the shadow home affairs minister. Now, the government—having essentially agreed to the bill's contents whilst they were in opposition—have nowhere to go. This a bill that they should be supporting, and it will be very telling whether they stand up in this place and support this comprehensive bill.

This bill is not going to fix everything—as the shadow minister said, it is just one step in the right direction. But I urge all members to support this bill and call on the government to build on our work, both in defence and in security. Don't dismantle what we are seeking to build for the benefit of Australians and the Australian community and Australian businesses.

Milton Dick (Speaker) Share this | Link to this | Hansard source

The question is that this bill now be read a second time. The time allocated for this debate has expired. The debate is adjourned and resumption of the debate will be an order of the day for the next sitting.