January 23, 2024
Tuesday 23 January 2024
Interview on Sky News AM Agenda
Subjects: The governments long overdue first use of the Magnitsky cyber sanctions
LAURA JAYES: Let's go live to the Shadow Cyber Security Minister now. James Paterson. James, a big announcement this morning from three ministers. Do you welcome this announcement? It seems like a pretty unprecedented move, to be honest.
JAMES PATERSON: We certainly do, Laura. It is welcome that the Magnitsky cyber sanctions component that was legislated by the Parliament in December 2021 has finally been used. But what the Albanese government has not explained today is what has taken them so long. It was in November 2022 that I first called on the government to use these powers in relation to the Russian backed hackers who attacked Medibank because the Australian Federal Police had already publicly attributed it to Russian hackers. In December that year, the Department of Foreign Affairs and Trade acknowledged that they had provided advice to the minister to do these sanctions, and in May 2023, the Australian Signals Directorate admitted that they had provided technical assistance for an attribution for this to happen. So what's taken so long?
JAYES: So is it the government is dragging its feet, though. Or is it our national security agencies needing to take this long to be diligent?
PATERSON: Well, from what we have available on the public record, it's very clear that the national security agencies provided that advice in a timely way. The AFP provided the advice on November 2022. DFAT provided the advice by December 2022. ASD provided it by May 2023 at the latest - that was the time that they publicly acknowledged it, it might have been much earlier. So what have the ministers been doing since then? Why have they been waiting? What has taken them so long? No explanation was offered for that today, and all we can see is that yet again, the Albanese government has been slow on a matter of national security, as they often are.
JAYES: But what is exposed today? Is it essentially, yes. This is great work by our security agencies and working with our allies and partners in able to name this Russian hacker. But doesn't it also underscore the point that there's very little our government or even the US government can do to bring someone like Alexander to account?
PATERSON: Laura, the Minister of Home Affairs and Cybersecurity, very modestly said that her own appointment as a cabinet minister with these responsibilities was a game changer. I'm not sure that the Australian people have noticed the benefit of that game changing appointment, because these cyber attacks are still happening, whether it's Optus or Medibank, Latitude, or many others. The reality is this is a very hard task, and we have to be honest and humble with the Australian people about what we can do. Cyber sanctions are important though because what we're trying to do is shape international norms. We're trying to put a cost on this behaviour. We should be doing that with offensive cyber operations against these gangs, and we should be doing it by sanctioning not just these gangs, but the governments which harbour them. The Russian government knows that this activity takes place on their soil.
JAYES: What impact would that have in all reality, James? I mean, if you sanction the Russian government, what's Putin going to do? Is he going to care? Is he going to instruct these hackers not to target Medibank and Optus and the like.
PATERSON: Laura, this is a challenging issue. We cannot just click our fingers and make this go away. Cybercriminals make a lot of money out of this and they very determined. And some governments are happy for it to happen on their soil. All we can do is reduce the likelihood that it happens again to our citizens and cyber sanctions are one way of doing it. It's particularly powerful if we do it in concert with our allies. If countries around the world who are like minded help shape these norms by putting a cost on this behaviour, now it won't what guarantee that it stops, but it does make it less likely than if we do nothing. So it is welcome that the government has finally acted, but it's not clear why it's taken so long.
JAYES: Indeed, one final question and Clare O'Neil suggested that when Labor came to office, the government was ill equipped to deal with the hacking that we have seen on the scale when it comes to these corporations in particular, do you concede this morning that your government, the previous government, should have done more? I remember a couple of budgets ago, there was $10 billion put towards cyber security over the next decade. Was that money not well spent or not spent at all?
PATERSON: All the tools that Clare O'Neil, and the government have used on cyber security are tools that the previous government put in place, the Magnitsky cyber sanctions we legislated, the Redspice funding that we gave ASD is what's giving them the resources to do operations like this. Even the much vaunted Hack the Hackers program, which the Minister claims credit for, was actually put in place under the previous government. The head of the Cyber Security Centre, who was standing next to her at the press conference today, was not only appointed by the previous government, that whole entity was created by the previous government. So the entire framework that the Minister is using, she's relying on the previous government to do. Now, this is an evolving threat. We have to keep our pace with it. There are more things that we have to do, but the previous government did everything it could, and this government has been the beneficiary of that.
JAYES: I don't have the ability to fact check all those things, James, but I will take your word for it and follow up with you later if I've got anything to quibble over.
PATERSON: Please do.
JAYES: Thanks so much for your time as always.
PATERSON: Thanks, Laura.
ENDS
