Murray Watt (Queensland, Australian Labor Party, Minister for Employment and Workplace Relations) Share this | Hansard source

The Department of Home Affairs is the lead agency when it comes to cybersecurity. But Australia currently has no formal mechanism to conduct post-incident reviews into cyber incidents that do have significant impacts on the Australian economy, national security or our social prosperity. What we've seen through some of the most recent high-profile cybersecurity incidents is that industry and government need to do more to effectively investigate and learn lessons from cybersecurity incidents and prepare contingencies for future attacks. The government's view is that we do need a standing independent mechanism—independent of government, rather than housed in a department or run by a department—that is responsible for undertaking post-incident reviews of vulnerabilities that led to a significant cybersecurity incident or the effectiveness of the government and industry response to the incident. By establishing this board, it brings us in line with a range of other countries, such as the US, which established its own cybersafety review board in 2022. I guess one of the risks in simply ensuring that the department manages these things is that there could be a situation where the department's own response was not adequate. Having an independent review board gives us the ability to have someone independently look at the actions of that department as well as industry and anyone else involved.