Private Members’ Business – Cybersecurity, Optus Breach, Medibank Breach





Subjects: Cybersecurity

PETER KHALIL, FEDERAL MEMBER FOR WILLS: Australians have every right to be concerned about the Optus and Medibank data breaches, which have exposed the sensitive information of thousands of people and businesses. Of course, they rightly expect the Australian government to do everything it can to respond to such cyberattacks. But I have to tell you, this motion is simply absurd. For those on the other side to come in here and make such a brazen, politicised attempt to pull the wool over the Australian people’s eyes is just astounding. Previous speakers have claimed that the Morrison government passed significant legislation to protect Australians from cybercriminals. Really? Then how do they explain these breaches? Why did their significant legislation fail to protect Australians and critical infrastructure?

I know why it failed. The former minister for home affairs—the same person who moved this motion—knows why it failed. When the breaches occurred, she along with Opposition Leader Peter Dutton led a conga line of shadow ministers and all the political puppet-show opposition speakers on this motion who have been seeking to ascribe blame to the new government and the minister while avoiding any responsibility. It was the member for McPherson, when she was home affairs minister, who switched on the cyber incident and critical infrastructure register reporting obligations for the critical infrastructure sectors on 8 April 2022. So far so good, but here’s the kicker: it was her and the Morrison government that decided to leave out the telco sector. They left out telecommunications. That meant not only did they leave the door unlocked in this very dangerous cybersecurity neighbourhood when there is a rise of cyberattacks and cybercriminals, they left the door wide open, they left the backdoor open, they left the windows open.

The former government told the intelligence and security committee they would turn their mind to it if their existing obligations under the telco act were assessed as being unsuitable. But rather than proactively assessing the suitability of obligations on telcos, in classic form, of this opposition when they were in government, they kicked it into the long grass. So when the Optus breach happened response powers could not deployed to support Optus to respond to the incident. It was not just the former Minister for Home Affairs who was responsible, despite her brazen attempt through this motion to absolve herself of responsibility, the former Minister for Communications Paul Fletcher did not switch on the obligations for the telecommunications sector under the SOCI Act either. He should’ve been well informed—

I’ll do so going forward. He should’ve been well informed. He was an Optus executive. It’s an absolute disgrace that they would come in here today and pretend that this failure is anything but one of their own making.

It was the Albanese Labor government that actually applied the cyber incident and critical infrastructure register reporting to the telecommunications sector after the election—straight after the election! We addressed the gap in the application of the SOCI obligations for telcos. Not only that, after the former coalition government abolished the role entirely, we established a cabinet level Minister for Cyber Security. She’s been working hard, working with the agencies to actually address these problems to enhance coordination across government on cyberpolicy, cyber strategy and cyber-response mechanisms. Thank goodness we did, because from the outset Minister O’Neil has been leading a dedicated team who have been working around the clock to protect Australians. We’ve had the toughest and smartest people in Australia and in the government working tirelessly to respond. That includes the excellent team at the Australian Signals Directorate, who are continuously updating the minister on active cyber incidents. They deserve our thanks, not the former government who made their job even harder.

Significant support is also being provided by the Australian Federal Police and the Department of Home Affairs to the Medibank and Optus incidents. And, of course, the AFP is leading a criminal investigation to hunt down and prosecute the attackers. Home Affairs has led the coordination of multiple federal, state and territory agencies and departments to support the response and put protections in place. To all of those dedicated public servants, I say thank you. Beyond the politicisation of this motion, they are doing a great job and they should be thanked. Unlike those on the other side of the House, they’re not trying to escape blame or point the finger at others. They’re taking responsibility and doing what needs to be done. I want them all to know that the Albanese government is right on their side, and all Australians, in protecting them from these attacks.

We’re cracking down on hackers. We’re making it clear with major increased penalties that companies have an obligation to protect consumer data. It’s the Albanese Labor Government that is actually putting all of these things in place to protect Australians.