November 4, 2022
.png)
JAMES PATERSON: Today the Australian Cyber Security Centre has released their annual threat report and it makes for very sobering reading. Cybercrime against Australians is up on almost every measure and we probably didn't need a report like this from the Cyber Security Centre to know that because it's been all through the media in recent weeks. Medibank and Optus customers certainly know the hard way how much this has hurt them and hurt Australians. But it means that we need very decisive action from the government and very clear leadership to respond to this threat. It's very important that the government step up to this threat to protect Australians and deal with the very serious risks that they're exposed to. They're exposed to a whole range of cybercrime, whether that's ransomware, whether it's identity theft, whether it’s business email compromise or even nation state threats which are emerging as very serious challenges. There's a couple of things the government needs to do.
Firstly, they need to quarantine and deliver in full the REDSPICE program, which we funded in our last budget in March. This is a program which will double in size over the next decade the Australian Signals Directorate, so that both its offensive and defensive cyber capabilities are significantly enhanced.
Secondly, it needs to swiftly implement the critical infrastructure reforms which were legislated under our watch. These reforms will step up the protections for critical infrastructure providers to make sure they can better protect themselves against cyber threats.
And finally, we need a close and cooperative relationship, a trusted, sharing relationship between the government and industry. It's very important that industry which receives threat
intelligence from the government so they can mitigate against these threats and that they trust them to share that information back again. It's also important the government helps industry with the critical skills shortages that they face. Unfortunately, we know that that problem has been exacerbated by a recent decision by the Minister for Home Affairs to put at the end of the queue critical and scarce cyber security skills for priority processing of their visas. Industry has been crying out for more skilled workers, and the Minister for Home Affairs, who's also the Minister for Cyber Security, has made a bizarre decision to make that even more difficult and slower. Happy to take any questions.
QUESTION: What specific changes will the ransomware bill make if it’s passed?
PATERSON: So the ransomware bill is a draft piece of legislation which we released before the election but did not yet legislate. And what it does is it criminalises and increases the penalties for a range of ransomware conduct. So, for example, providing software, a ransomware software, selling it to someone or engaging in a ransomware crime. It's an important tool, and our agencies when we were in government told us that it would be a helpful additional tool in addition to the other things they already have, because it would be another disincentive for people within Australia to participate in ransomware and it would also potentially apply extra-territorially or outside of Australia in any country we have an extradition treaty with.
QUESTION: Your Coalition didn't support Labor's ransomware last year. Why didn't you then?
PATERSON: Well, the Labor bill from Opposition was a very narrow bill. All that it did was require that any ransomware payments made by a business be reported, there was a mandatory reporting obligation. We actually introduced much broader mandatory reporting obligations as part of the security of critical infrastructure reforms that meant that any large business, whether they had a ransomware attack or any other kind of attack, if they're a systemically important, critical infrastructure provider, had to report that to government whether or not they were paying ransom or not. So, we thought that was a more comprehensive approach. It'll be interesting to see whether they pick up that draft ransomware bill that they had in Opposition. So far, we've seen no evidence of any action from this on the government. And we're now six months in beyond the election.
QUESTION: They've won the election, why should they support your ransomware bill? You rejected theirs last time?
PATERSON: Well, because our bill was based on the advice from the Australian Federal Police and our intelligence agencies that this was necessary and would be helpful. They're the same intelligence agencies and police force that's advising this government, and I'm sure they're giving them the same advice, which is that although this is not a silver bullet, there are no silver bullets when it comes to cybercrime, it would be a helpful additional assistance to them in tackling these threats.
QUESTION: James, we know companies don't have enough protections in place for consumers. You know, we're under threat with all of this geopolitical tension. Does this put a bigger target on the back of Australians?
PATERSON: Yes, unfortunately, I think the vulnerability that many companies have exposed them to by storing excess data for longer than they should and failing to protect it makes Australia a very attractive target. We're an attractive target because we're an advanced economy that is highly digitally literate, that engages in a lot of financial transactions online. And we're a wealthy country. So, if you're a cybercriminal elsewhere in the world, we're a great target and we need to make ourselves a harder target. We need to toughen up our defences so that it's not worth pursuing Australia, it's not worth coming after our money because it's not going to be economically worthwhile for a cybercriminal. That's why we're encouraging the government to do these things to better protect Australians.
QUESTION: How critical is it for both sides, the government, the Opposition and the Coalition to, I guess, work on this collectively to strengthen these laws? We've seen obviously these huge data breaches with Medibank and Optus and we know how easily this can happen.
PATERSON: Well, we will work very constructively with the government to fix these problems. They've already released one piece of legislation which increases penalties for inappropriate failure to protect the privacy of customers with increased penalties. And we're very positively disposed towards legislation like that. We'll be very constructive in supporting legislation like that through the parliament and if the Home Affairs Minister Clare O'Neil wants to sit down with us and talk about other measures that they'd like to enact then we'll be there to support them too.
QUESTION: If Labor came to the table, would the Coalition's support them instantly given how critical this situation is?
PATERSON: Our starting point is to support the government with any sensible changes they bring forward to protect Australians and to do so as quickly as possible, because these are urgent and pressing threats that we face. So, if the government wants to sit down with us in good faith and share with us any plans that they have to expedite legislation through the parliament, we will consider that very sincerely and very favourably. Thanks everyone.
ENDS
