Helen Polley (Tasmania, Australian Labor Party) Share this | Hansard source

I wanted to talk tonight about the issues that we are experiencing nationally and internationally in relation to cybersecurity and the attacks that have happened, as we know, in some major companies like Qantas. We saw the devastation of the impact of their cyberattack and the concern that gave Australians when their names, addresses and date of birth were accessed during that cyberattack. We were very fortunate that credit card details, passport data and Frequent Flyer numbers were not accessed. It is a concern not only to us in this place but to the Australian community. We all have a responsibility to protect those things by monitoring the amount of time we spend on social media platforms and the information we give out.

Yet we know this is a troubling pattern. If we go back to September 2022, Optus suffered a massive breach that affected over nine million Australians. Sensitive data such as drivers licences, Medicare numbers and passport details were exposed. People had to queue at service centres to urgently replace IDs and come to grips with the fact that their personal information might be circulating on the dark web indefinitely.

Not long after that, Medicare, another cornerstone of the Australian service landscape, was attacked by cybercriminals who accessed deeply private and distressing health records. Sensitive information relating to mental health issues, abortions and chronic illnesses was stolen and, in some cases, released publicly in an attempt to extort.

Just last year we saw what is now considered the largest cyberincident in Australian history: the attack on MediSecure, a digital prescription service. This breach exposed the data of nearly 13 million Australians and underscores just how expansive our vulnerability is when it comes to third-party service providers.

Australians are losing confidence in the ability of businesses to protect their most sensitive information. The public now lives in a constant state of alert, wary of the next scam email, suspicious phone call or identity theft, and who can blame them? We cannot and will not allow this burden to affect Australians. As a government, we will do everything we can, but we also have to individually take responsibility.

As Chair of the Joint Standing Committee on Law Enforcement during the last parliament, I heard countless testimonies through the committee from witnesses about the global challenges surrounding cybersecurity and how security agencies including ASIO, the AFP, Border Force and ACIC are working around the clock with other jurisdictions and foreign governments to bring cybercriminals to justice. What we know now is that there are no borders when it comes to cybercrime. We know there are no borders when it comes to the sexual exploitation of children, but what I do know is that our agencies are working, as I said, around the clock and across borders internationally to hold those criminals accountable for their actions.

The Albanese Labor government understands what is at stake. That's why we have made cybersecurity a national priority. We've established a National Cyber Security Coordinator to oversee preparedness and respond swiftly in the face of these incidents. The Albanese government has expanded the Security of Critical Infrastructure Act to ensure that sensitive sectors, from transport and telecommunications to health and financial services, are treated as essential to national security, and they are essential to our national security.

Our recently implemented Cyber Security Act 2024 introduces mandatory reporting of ransomware attacks and cyberextortion incidences. Businesses can no longer sweep incidents under the rug. Transparency builds resilience. It builds stronger security infrastructure and it breeds trust within our cybersecurity systems. But some of the most vulnerable people are targeted, like young people. People who are desperate to make extra money at home are used for money laundering. We need to be more alert. We need to talk about this within our communities and within our families, because it can happen so easily. People are embarrassed if they're being scammed, and they shouldn't be. It needs to be reported.