Australia Today with Steve Price – Medibank Data Breach



Subjects: Medibank hack

STEVE PRICE, HOST: Haven’t heard much this week about what’s going on with that hack at Medibank. We also hear there’s been also another hack on the Smith family charity. We’ll get some details on that. Peter Khalil, very generous with his time, chair of the Parliamentary Joint Committee on Intelligence and Security joins us now. Nice to catch up again, Peter. 

PETER KHALIL, MEMBER FOR WILLS: G’day Steve, are you well? 

PRICE: I’m well, who’s going to win the Victorian election? 

KHALIL: Oh well, I’m up in Canberra so a bit distant from it. But I think it’s looking pretty close. I think the, probably the Labor government may hold and win Government. But it’s a close election. 

PRICE: Third terms are hard to win aren’t they? 

KHALIL: They are. 

PRICE: Yeah, it’s going to be very close I think on the weekend. On Medibank they have started releasing material, obviously on the dark web, how serious is this hack and what’s your view on paying ransoms to these people? 

KHALIL: Well on the 2nd part of your question first, I’ve said publicly that companies should not be paying ransoms to these cybercriminals, because all it really does is gets them to try again and re-extort, and there’s no guarantee that any of the material data wouldn’t be released anyway. It’s core practice and it’s actually the government advise not to pay ransom or not to pay the ransom. That’s the Government’s official advice, so I think the actions taken by Medibank not to do that is consistent with Government advice and that’s important. On the first part of your question, around Medibank, I’ve seen some of the reports on this matter, but you know it’s been it’s under continual investigation and the investigation is really, really important because we’re putting all, it’s a full-court press frankly, Steve, we’re putting all of our cyber security agencies, intelligence agencies, security agencies, all of their efforts into investigating, chasing down these cybercriminals and being on the front foot about it, the government actually activated what’s called the national coordination mechanism. Fancy word for basically saying that all of our focus and collaboration across all levels of government and the agencies, with the private sector is a priority. So you know, breaking down those silos and working very closely with Medibank and other companies, and we’re also developing a broader national security, sorry, national cyber security strategy to really look at where the gaps are in legislation that have been, you know, left there previously, and where we can fill those gaps and that’s part of my job as chair of the Intelligence Committee to look at that legislation as well when we look at the law reform. 

PRICE: Was this almost the hack we needed to warn big corporations that they need to do better? 

KHALIL: I wouldn’t put it in that way, there’s been a constant sort of low-level, mid-level, you know cyber-attacks that have been happening for quite a while. They’ve certainly picked up over the last couple of years in intensity, and certainly this year we’ve seen quite a lot of high profile cyber-attacks. You know obviously with Optus and Medibank and so on. And now even recently with the Smith family charity, so that’s really picked up. I think government has to do better. I noted that we have to, you know, make sure our legislation, our laws, are fit for purpose in the 21st century. So, we’re working on that, you know, to catch up if you like, with the criminals. But second, I think you’re right. The corporate culture has to change too No longer can they just write off the hack on their P&L at the end of the year, and say, oh well that’s 10 million, that’s ok, whatever, because it’s not just the financial cost. There’s the reputational damage, of course, but there’s also societal implications, people’s data, it’s important, it’s their private information and that’s really critically important. And there’s also the national security implications, so I think the corporate sector really is shifting, is changing, and they need to change their culture towards really hardening their defences against these attacks. 

PRICE: If we actually find out who they are Peter, the Russians, there’s not really much we can do, is there? I mean, I presume governments, like the Russian Government, are not going to cooperate with Australia to run these people to ground are they? 

KHALIL: Yes and no, there are things that our agencies can do to deter these cyber criminals and to get on the front foot against them. I won’t go into too much of this on the radio, but we do have cyber security and defensive as well as other capabilities if I could put it that way, to really push back on these cybercriminals and these groups and organisations. You mentioned if they are sponsored by state actors, like for example Russia, there are other things that we can do at a diplomatic level, but certainly at the agency level there are a number of tools at our disposal and as I said, we’re putting the full court press into this to protect people’s data and to try and help support if you like, defend and harden the defences of the corporates and the companies that that hold this data. 

PRICE: Just finally, the Foreign Minister, Penny Wong has warned Iran over the way they are treating protesters and treating women in their country. We’ve seen what happened at the World Cup. Do you think the Iranian Government pays any attention to what the rest of the world is saying about their treatment of women? 

KHALIL: Partially, obviously they have relationships around the world, they have to import goods and export goods and all the rest of it, but I think it’s pretty important the statements by the Foreign Minister. In fact, the Iranian representative at the embassy was hauled in and told in no uncertain terms about The Government’s position on this. We will not accept foreign interference of our citizens, we’re going to protect them and protect our democracy. Penny’s comments were very, very strong. With respect to the allegations of foreign interference, they’re being investigated. The government going to prosecute where appropriate, if it leads to that. Because we are really cognizant of the importance of defending our democracy and our people’s right to protest and express their views within Australia. Just as we stand up for the rights of those to do so elsewhere, you know, if we could talk about these principles of democracy, free speech, the freedom of the media, you gotta back it up, right Steve? It’s not just in the abstract and so I’m pleased to hear the Foreign Minister statements on that. I will just let you know, and listeners know too, that the Department of Home Affairs Counter Foreign Interference Coordination Centre is also working with the communities, it’s a special centre that’s been set up that that works with the community to conduct targeted engagement on foreign interference that we’re hearing about. We’ve got this engagement process with the community, and my own Intelligence Committee is reviewing what’s called the FITS That’s the acronym for the Foreign Interference Transparency Scheme. That’s a scheme that we’re looking at recommendations on how the legislation can be improved to crack down on foreign interference. 


Always a pleasure to catch up Peter, have a good day as you can in Canberra Peter thanks a lot. 

KHALIL: Cheers mate thank you. 

PRICE: Peter Khalil, chair of the Parliamentary Joint Committee on Intelligence and Security.