Alex Antic (SA, Liberal Party) Share this | Hansard source

One of the things that is constantly on the minds of South Australians and Australians that I speak to as I get around is this issue of data integrity and data security. It is consistently a theme—a theme which is bothering people, a theme which is constantly on people's minds—and it's never been more important in our lives than it is today in 2022. Everybody has data out there on the cloud with their service providers, including government departments. It is a massive, massive issue for Australians. It's not an issue to be taken lightly, which I fear is something that we've seen from the government in the last week. It is extraordinary news that the data of something in the order of, we think, as many as 10 million Australians, 10 million Optus users, has been compromised. It's incredibly concerning stuff.

But even more incredibly concerning is the listless approach of the government and the minister responsible, who we heard this afternoon took something in the order of three days to even respond to the incident itself. And to be even more frank about it, having taken three days to respond, the response formed three tweets at three-quarter time of the AFL grand final—it was three, three, three. Extraordinary stuff! It was a relatively dull game, I get that, and if ever you were going to take the opportunity to get a press release out, it would be once you put down the Bollinger at the half-time show at the AFL grand final. The minister banged out a couple of tweets to make sure the Australian people had full confidence in what she was doing in her portfolio. But, of course, that doesn't satisfy the likes of me; it won't satisfy the likes of Australians who are hoping and pleading that their government is across this issue.

We heard from the Leader of the Opposition on Friday—well before the grand final—that this may in fact be the largest-ever data breach in Australian commercial history. That was known well in advance of Saturday. I asked what the delay was in responding and why it took so long. The opposition are now seeking briefings in relation to the matter, but the Albanese government has seemingly just been missing in action on this issue. Australians deserve the opportunity to hear what steps the government is taking to secure their personal data and protect them from future cyberattacks because, of course, this one incident might well be the tip of the iceberg. We don't know what else is out there.

We know that Australians live their lives now in the cyberworld, and that is only going to increase; this issue is only going to get more important. Of course, with the prospect of digital ID and the digital ID legislation approaching, Australians have every right to be concerned about their data being in the hands of others—governments, private businesses—because we can see what can happen. Millions and millions of terabytes of data can go—well maybe not that much, but terabytes of data—

An honourable se nator interjecting—

It's a lot. I'm quite tech savvy, as you know! But terabytes of data can go off into the ether without even blinking, as it has in this instant. Businesses and corporations need to be transparent, but governments are meant to be there for the regulatory purposes of taking it up to businesses when they have these sorts of problems. The government, including the Minister for Cyber Security, now needs to make good that delay, that listless response, and make it clear to the Australian people what steps it has taken to protect Australians from future such attacks, because there will be more. We have bad actors in the corporate world. We've got state based actors looking for opportunities to penetrate the cybersecurity veil.

The coalition government, as it was, had an extraordinary track record when it came to cybersecurity—in fact, it had some of the most impressive and far-reaching deliveries in terms of key reforms. There were world-leading laws to protect critical infrastructure like water, power and telecommunications from sophisticated cyberattacks. We introduced a suite of ransomware related legislation, which included tougher penalties for criminal provisions to deter cybercriminals. There were regulatory amendments to empower the telco sector to identify and block SMS scams, which are now becoming even more prevalent. We expanded a 24-hour cybersecurity centre hotline to ensure Australians, including business owners, had access to cybersecurity data. The point I make is that time is of the essence with these matters—not three-quarter time, not full-time, but time.