James Paterson (Victoria, Liberal Party, Shadow Minister for Cyber Security) Share this | Hansard source

I want to take the opportunity to put the coalition's view on each of the Greens amendments in one go. The coalition will not be supporting any of the Greens amendments today for two reasons. Firstly, we were not given sufficient time to consider amendments that have potential unintended consequences. We cannot support them on that basis. Secondly, I think there is a great risk that the Greens' amendments, while well motivated, will not achieve their own intended objectives. For example, moving the Cyber Incident Review Board into the Prime Minister and Cabinet portfolio does not make much sense. PM&C, qualified, competent and patriotic though they no doubt are, do not have expertise in cybersecurity incidents, and it is not the relevant portfolio to be managing it.

We're also concerned about the other amendments, which would seek to restrict the ability of the ASD and cybersecurity coordinator to work together in the heat of a crisis. The provisions on limited use are strongly supported in the sector, but this would complicate the government's own incident response, and that's not something we should do.

While I'm on my feet I did also want to take the opportunity to gently clarify the personal cybersecurity advice that was given by Senator Polley in her speech in the second reading debate. As well intentioned as I'm sure it no doubt was—and certainly not her fault, because the Prime Minister has said similar things—it is not a good idea to tell Australians that they can protect themselves from cybercrime by turning their phone on and off every day. There's highly specialised advice to people like members of parliament who are targets of sophisticated state-backed actors, including foreign intelligence services, trying to engage in espionage on them. Most Australians are not the target of foreign intelligence services for espionage, and this will not offer them any protection against a ransomware attack, a phishing email, a business email compromise, a socially engineered attack or a data breach. Instead of relying on any politician, Senator Polley or me, Australians should go cyber.gov.au, where there are very practical tips about things you can do to protect yourself from a cyberincident.