Senate debates

Tuesday, 26 February 2013

Adjournment

Security Research Institute, Edith Cowan University

8:16 pm

Mark Bishop (WA, Australian Labor Party)

I rise this evening to talk about the valuable work being conducted at the Security Research Institute at Edith Cowan University in Western Australia. The institute is working with major multinational companies, agencies of national security, and law enforcement and resources and energy companies in the field of cybersecurity. Many associate a lack of cybersecurity with embarrassing leaks or credit card scams. However, the tentacles of cybercrime have the potential not only to harm our major government agencies but also to impact our very quality of life. It is a threat like no other as we may not know a crime has been committed until we recognise the damage.

Back in the 1990s, as we headed toward the new millennium, we were alert to the implications of what was known as the Y2K bug. The bug would penetrate our entire computer system. Although computerisation was in some respects still in its infancy, a simple error in date programs threatened to unleash catastrophic results at midnight on 1 January 2000. The race to fix the problem began as we quickly came to understand our dependency. It was in some respects a massive international effort, as well as cooperation at a government level, agency level and boardroom level to address what was understood to be the problem. What we learned from this experience was that the very fabric of our society was integrated totally with computerisation.

Fast forward 13 years and the internet, or cyberspace, has become one of our more important strategic assets. It is fair to say that the online environment is pivotal to our economy, and not just to the finance sector. It also powers our roads, our ports, our rail, our airports and our security services—not, of course, to ignore water, gas and electricity. However, unlike with the Y2K bug, the potential for illegal penetration of our civil infrastructure and the harm that could flow is not properly understood.

The threat today is not from a programming glitch. Now we face cybercrime that is focused on intellectual property, commercial know-how and sensitive information. While hacking could be about spying, it is just as likely to be about sabotage and extortion. The threat extends, of course, to our major industries and their markets. It includes the resources sector, manufacturing, retail, construction, agriculture and the service industries. As a result, our reliance on a secure cyberspace grows daily. It is not a subject that dominates the headlines but one in which we all have a stake. We all rely on getting water from a tap and being able to turn on a light or household appliance. We take for granted the ability to make phone calls from a fixed line, and not many of us can function without mobile or wi-fi services.

Yet as our electricity, power, transport and communications infrastructure become more integrated into the internet we are exponentially increasing the opportunities for attacks. The coordinated, cooperative approach of the 1990s is not obvious. There is a view that many of our businesses are underestimating the risk that we face. The director-general of ASIO, for example, is taking a proactive approach by talking with CEOs and their boards about the scale and the reach of the threats. I understand that at this time much of the work is centred on corporate headquarters along the eastern seaboard. But there are a great number of other owners, holders and users of civil infrastructure outside of New South Wales and Victoria, to say nothing of the huge investment taking place in the mining dominated states of Queensland and Western Australia.

There are many reasons companies develop risk-taking cultures. However, it would be a grave error to underestimate the risk that comes from mining projects with foreign domiciled directors and a dependence on foreign capital, often provided by foreign governments. In these circumstances we should be alert to internal pressures that may lead to faulty and benign risk assessments.

The digital economy and cyberspace have opened up tremendous opportunities. But of course with opportunity comes risk. We know cybercrime is increasing. We know the number of intrusions and attacks in Australia has doubled over the last two years. We know that the nature of cyberattacks has shifted away from being indiscriminate and random. A new national survey of around 250 businesses shows that cyberattacks are increasingly targeted and coordinated for financial reward. It no longer matters whether you are a government department, an intelligence agency, a major corporation or a small business; cybercriminals are able to do enormous damage, and we are all under threat.

So, what are we doing about it? Firstly, I would like to address the current inquiry by the Joint Committee on Intelligence and Security, which is considering reforms to national security legislation. Much of the commentary around this inquiry has centred on a proposal that data be retained by telecommunications and internet service providers for a two-year period. This is proving to be a contentious issue, if one read the press last week. However, the question is this: how do you safeguard both private and public sectors that are reliant on a secure but largely unregulated internet, recognising that internet and mobile telecommunications now go far beyond conventional boundaries and have the ability to disrupt every aspect of our lives? And how do you investigate and prosecute cybercrime if there are no records? This is the rub, and there are no easy answers.

In terms of government action the Prime Minister recently launched the National Security Strategy. It includes the establishment of a dedicated Australian Cyber Security Centre, the ACSC. The centre will be based in Canberra and I am told will boost our ability to protect against cyberattacks. The ACSC will be the hub, the heart, of the government's cybersecurity efforts. It will be responsible for analysing the nature and extent of cyberthreats. Its role will be to lead the response to cyberincidents, working closely with industry partners—in effect, to protect our nation's most valuable networks and systems.

But collectively we need to do more. To fix the Y2K bug Australian researchers, programmers, and corporate and government agencies worked with their global counterparts. The same global effort will be necessary to combat cybercrime. In Australia, both the public sector and the private sector have a part to play.

This brings me back to the Security Research Institute at Edith Cowan University. This institute is somewhat surprisingly the only research institute of its kind in Australia. I was recently briefed on its work. It has been a 10-year project headed by Professor Craig Valli and is now at the forefront of research into cybersecurity and its relationship with civil infrastructure. It has the most sophisticated purpose-built and secure facilities of its type within any university in Australia. Its team of researchers work with major multinational companies, agencies of national security, law enforcement, and resource and energy companies. It is in fact rated as one of the top five security research institutes in the world. It is a tremendous measure of its international standing that it recently secured research funding from the European Union. It is not often that our universities receive research grants from foreign governments. I congratulate Professor Valli and his team for securing such funding.

The institute's next phase is to bring together partners from industry and academia to drive new research projects. The plan is to open a cybersecurity cooperative research centre in 2014. I have no doubt they will be looking for Commonwealth funding and, given the importance of their work, I am very happy to offer my support.

Cybercrime costs our economy hundreds of millions of dollars a year. It is a silent crime that is often difficult to detect and often vested interests wish to cover up the attacks. Through the work of the Security Research Institute, Australia is taking a lead role in finding global solutions to thwart the malice and curse of cybercrime. I commend the work of Professor Valli and his team at Edith Cowan University and I also look forward to watching the progress of the development of the Cyber Security Cooperative Research Centre, based currently at that university in Western Australia.