November 9, 2023
PETER STEFANOVIC: Joining us live now is the Shadow Home Affairs, Shadow Cyber Security Minister James Paterson. James, good to see you, as always. So still no explanation. Have we seen over the past day or so how not to run a business?
JAMES PATERSON: It's a fair question. Good morning. Look, it is concerning that Optus still doesn't have an explanation and the federal government hasn't provided an explanation either. It is not ok for one of Australia's two major carriers to go out for almost twelve hours and not to provide an explanation. I appreciate that these matters are complex, that is not always straightforward, but there should be much more information shared with Optus customers and the public because we all need to understand how this happens and how to prevent it from happening again because the consequences have been very serious for Australians and many in the community.
STEFANOVIC: So you've not just got the customers who were affected, you got businesses that were out, rail networks were down. Some folks couldn't even say goodbye to loved ones at hospitals because they couldn't be contacted. The CEO is ultimately responsible here, so how can she stay in that role after a second major incident in 12 months?
PATERSON: You're right about all of those flow on consequences, Peter. That's one of the most disturbing things for me about this situation, which is that it's demonstrated that our systems are not very resilient and that we don't have adequate redundancies in place because businesses should still be able to trade if there was a disruption of one of our networks. Because although it doesn't appear in this case to be a cyber attack, it's certainly the sort of thing that a foreign adversary would like to do to Australia in a time of crisis. And if they try to do that, if they're successful, we need a lot of redundancy in the system. Back to your question about the CEO, look that really is a matter for the Optus board, I’m not a member of the Optus board, I’m not an Optus shareholder. But I would be pretty skeptical about the CEO's performance over these two incidents, that’s for sure.
STEFANOVIC: So, so that point you just mentioned there, you know, at a macro level does this point to a bigger weakness if our second biggest telecommunication giant can be brought down and what does this say about the rest of it, in terms of national security?
PATERSON: Exactly right Peter, I think this is a national security issue. It was the reason why the previous government in the previous parliament passed not one but three different tranches of critical infrastructure legislation, which beefed up the obligations of companies like Optus, to do more to protect their systems and give the federal government powers to step in, in an emergency scenario to get them back up and running, if that's possible. I'm not suggesting those powers necessarily would have been applicable in this instance because it doesn't appear to be security related. But what those laws recognise is that these operators, are not just important for themselves and their immediate customers and their shareholders employees, they're actually systemically important to our economy and society and we can't afford for them to fall down for extended periods of time. If they do, we need better redundancy put in place, because next time this attack might not just be on one company, it might be on multiple companies, It might be on Telstra too. And imagine the consequences for our society if a foreign intelligence agency, a cyber intelligence agency, is able to take them both offline for such an extended period of time, and what that means.
STEFANOVIC: So, Michelle Rowland has this morning announced that their will be a government review. The regulator has done that as well into this incident. Is that something you support?
PATERSON: Well, I hope so, but there was a review last time, and it was never released publicly, either the review that the government did of Optus, they commissioned two and the government's response to it, neither of those were released publicly or Optus' own review, which it had one of the big four accounting firms do that, wasn't released publicly either. That's not good enough. All of those reviews should have been released, and these reviews that will inevitably happen now should also be released because the Australian public deserves to know what happened. I mean, we saw last time it took the Minister for Home Affairs and Cybersecurity more than three days before making any public comments about the largest data breach in Australian history. Well, this is now the most serious loss of telecommunications services and this is the most extended loss of telecommunication services in modern Australian history, but we can't afford to have that sort of silence and inaction form the federal government this time around.
STEFANOVIC: Ok, James Paterson, good to see you, as always, we will chat to you soon.
ENDS
