Sky News First Edition – Optus Breach, Russian Invasion of Ukraine



Subjects: Russia-Ukraine tensions

PETER STEFANOVIC, HOST: Back to our top story now, the Optus hacker has released the private data of up to 10,000 people. Joining us live now is Labor MP Peter Khalil and Liberal Senator James Paterson. Good morning gentlemen. First to you Peter, first of all your reaction to this?

PETER KHALIL, FEDERAL MEMBER FOR WILLS: Of course, very concerning Pete this security breach, which we know the Minister has pointed out, rests with Optus. We shouldn’t be expecting this kind of breach of this nature from a large telecommunications company, and we’re obviously doing everything we can to support Optus through the Australian Cybersecurity Centre and the Australian Signals Directorate, the ASD to provide that support. But also, our law enforcement and other agencies are monitoring all of this and investigating it and making sure that you know, especially if people try to buy some stolen credentials that that the full force of the law is brought to bear. So, it is very very concerning. But I just gotta say one important point, I’ve heard the opposition, a Congo line of Shadow Ministers led by Peter Dutton, the Opposition Leader, including James Paterson, who’s here with me today, have been clutching their pearls, sort of being critical of the Minister for Home Affairs, whereas she wears a response. Let me tell you what the Minister for Home Affairs has been doing, she’s been fixing up a problem that is partly of their making, the previous government, the Liberal government decided to exempt telecommunication companies from the security of critical infrastructure laws. They made that decision; it enabled this attack. Now Optus is responsible, but of course you know that we live in a very dangerous neighbourhood, we all agree on that. And that decision and of course the Minister for Communications was a former Optus executive, Paul Fletcher. So, they left out, the telco is because the telco said, oh we’ve got this, we can handle it. But of course, that has meant that they have left not only the door unlocked in this dangerous neighbourhood, when there’s a rise of cyber-attacks and cyber criminals and so on, they’ve left it wide open. They’ve left the back door open. And they’ve left the windows open.

STEFANOVIC: OK, there’s a bit to get through there and I will get your response to that James. But first of all, back to this threat today. The threat, it seems, has been backed up with action with up to 10,000 people having had their data released. Now the threat is that 10,000 every day will have data leaked. Your thoughts on that?

SENATOR JAMES PATERSON: Peter, this will be very distressing news for Optus users this morning. I’ve been contacted over the last week by many anxious and concerned Optus users who’ve been asking why has the company made a decision to expose them in this way and Peter Khalil is right, Optus spares the overwhelming responsibility for this but that doesn’t exempt the government from its responsibility and the public response, at least from the government, has been slow. For three days after the attack the Minister for Home Affairs made no public comment at all and her first public comment came at three quarter time of the Grand final in the form of three tweets. It took five days before the Minister made a media appearance, on ABC yesterday and the Minister has still not fronted a press conference to answer questions about what the government did and when it did it. Now I have no doubt that the highly professional team in our intelligence agencies like the Signals Directorate, the Cyber Security Centre and the Australian Federal Police are working day and night and throughout the weekend to do everything they can. But the public needs to be reassured that the government is using the powers that it has within its remit, to address these issues and until they hear the Minister say that that she has done so, they don’t know that. Peter is actually not correct the telecommunications industry is not exempt from the Security of Critical Infrastructure Legislation. I encourage him to go and read it and also to read the Parliamentary Joint Committee on Intelligence and Securities report into the legislation last year before it passed. The 11 critical sectors includes the telecommunications sector and many provisions of that legislation do encompass the telecommunications sector except, where it is already regulated by telecommunications regulation and in fact, the Communications Minister Michelle Rowland has issued parallel regulations this year to mirror the provisions in the Security of Critical Infrastructure Legislation. So, there are no gaps in the legislation, there is no instance where the telecommunications sector is not regulated. The only way in which the telecommunications sector is not covered by SOCI is if it is already covered by telecommunications regulations. So, the intention of the Act, which I believe has been reflected in the law and certainly the recommendations of the committee, was to ensure that everyone is covered by a minimum standard and that if necessary higher standards are applied to more sensitive industries. Now it’s not clear whether the Minister has applied all the powers available to her under the Act and it is up to her to say if she has.

STEFANOVIC: Alright, Peter should Optus just pay the ransom?

KHALIL: Well, hold on before I answer that kind of question, just to respond to James the important word that he used, or two words were ‘except for’. And that was the point I was making. There was a decision made that the telecommunication companies’, large telcos would be exempt from SOCI from the Security of Critical Infrastructure.

PATERSON: That’s not true, that is not true. Have a look at the legislation, Peter they’re not exempt.

KHALIL: Well, no they are not included by your very own words.

PATERSON: Wrong, wrong go and have a look at the legislation, they are included.

KHALIL: They are included under a different regime in a different set of legislation. You just said that they were they were covered by a different set of laws, is that right?

PATERSON: Peter, they’re covered both by SOCI and by telecommunications sector regulation.

KHALIL: Well, no, well. You were just saying except for when they are covered by the other set of laws. Anyway, we’re getting into some fine detail here, where I do agree with James and what he did say correctly to. Is that our agencies the ASD, the Australian Security Cyber Security Centre and AFP and other security agencies are working around the clock. And this sort of political criticism of the Minister when she’s been working around the clock to, as he would know when attacks like this happen, they can be, at least initially, very complex to work out what’s going on. In this case this has been a pretty simple hack, at least not a very complex hack and obviously the anger that people have towards Optus for not preparing themselves and being properly protected from the cyber security hacks is a critical point in all of this debate, but the government is doing everything it can to try to.

STEFANOVIC: What makes it a simple hack?

KHALIL: Well, as I said, it is not a sophisticated hack, as far as the information that we’ve seen publicly. Well, I’m not a computer expert or a cyber expert like some others. But there are different levels of complexity and the Minister herself had pointed out that it wasn’t necessarily a complex security hack.

STEFANOVIC: So, should Optus just pay this ransom to stop more private information from being released?

PATERSON: Peter, can I jump in quickly on this issue of whether it was a simple or sophisticated attack? Cause this is a really important point, on the 7:30 report last night, the Minister for Home Affairs effectively accused Optus of misleading the public when Optus said this is a sophisticated attack and she said in fact it’s a very basic attack. Now I’m aware of the facts that led the Minister to reach that assessment and I agree with her assessment. And it is appropriate if she believes that Optus has mislead the public for her to be very candid with the Australian public about that. So, I welcome her comments. However, what she hasn’t yet done is explained to the public the facts that she’s aware of which has led her to make that assessment. And I think the Australian people deserve to know, within the appropriate bounds without revealing any classified intelligence or information of course. Optus users in particular are entitled to understand if it is the case that Optus is misleading them about the severity of this attack. That’s a very serious accusation for a Federal Minister to make and it’s important that it’s substantiated

STEFANOVIC: And that seems like a fair enough point to argue against the Home Affairs Minister, Peter.

KHALIL: Well, look the Minister has been very clear in her statement and I dispute James’s characterization. She’s been on the 7:30 report, once all of the information and the issues have been sorted through and been briefed by all the detail that she’s had to go through since this attack. She’s been open and clear on the 7:30 report, which is sort of no disrespect to Sky is a pretty well watched program and has been out there as well in Parliament and publicly stating our position.

STEFANOVIC: OK, I’m just running out of time so there’s a couple of quick questions I want to get to. So, should Optus just pay the ransom to stop more private information from users from being made public and used against?

KHALIL: Oh look, I’m not going to answer that kind of question.

STEFANOVIC: But why not? I mean, if there’s been a simple attack here, shouldn’t they just pay it and get it get it over and done with?

KHALIL: Pete this is not a question that the government, or the opposition or any of the sort of Parliament has to be responding to. This is obviously a matter for Optus, but my personal view would be, in my experience that you don’t reward this kind of behaviour. Obviously, some of these issues, I don’t know all the details, I haven’t been fully briefed. But my personal view would be that you would not be rewarding this kind of criminal behaviour.

STEFANOVIC: OK, just a final one here James. The Telecommunication Act dates back to 1979, the world, as you know and as we all know, a very different place now. Does this prove that protection laws? Are out of date and need to change.

PATERSON: Well, certainly the Act commenced them, but it would have been amended, you know, two dozen, if not three dozen times since then, to keep pace with technology, including it’s been recently reviewed by the Intelligence Committee last year we did make some recommendations about it. Of course, the Opposition is very open to supporting any constructive proposals that the government has to change the law. We will provide bipartisan support for any sensible changes that the Government brings forward. But my concern is though that those changes as important as they may be and as necessary as they may be, are not going to provide much comfort for the 10 million Optus users. What they want to know is what steps the government has taken already to protect them under the powers they already have. And the Minister herself has praised the former government for its passage of that Security of Critical Infrastructure Legislation in public interviews. She’s recognised how world leading that is. And when Peter and I were in the United States recently, it was repeatedly raised with me how important that legislation is and how jealous the Americans are that we have those powers. But the powers are only good if they’re actually used, and that’s the test that the minister has to meet today and explain.

KHALIL: Can I just say Peter, in response to James? Very very quickly, the Minister has also and I agree with James, there is a real need for substantial reform she’s outlined that. And that includes investigating whether cyber security requirements we currently have in place are fit for purpose, particularly telcos and other companies. So, there’s an intention to work across the Parliament in pursuing this and I’m really pleased to hear that the Opposition is keen to work in a constructive way. Because we do have to get these laws up to scratch and fit for purpose.

STEFANOVIC: Peter and James a nice extended chat there. Appreciate your time though we got to go but thank you. We’ll talk to you again soon.