House debates

Wednesday, 20 October 2021

Bills

Security Legislation Amendment (Critical Infrastructure) Bill 2020; Second Reading

12:50 pm

Photo of Andrew WilkieAndrew Wilkie (Clark, Independent) Share this | Hansard source

[by video link] Good afternoon and hello from Hobart. I'd like to echo the considered comments of the member for Curtin, the previous speaker. I believe the member is quite right that the cyberthreat to the public and private sectors is very real and very significant. It's more diverse than people might have once believed. We have the obvious perpetrators, like China, Russia, Iran and North Korea, and we have seemingly countless criminal gangs attacking the Australian public and private sectors. We also have state-sponsored criminal actors. Regrettably, we even have allies who like to eavesdrop on the public and private sectors in Australia to try to find out what's going on. I'm too polite to list some of those countries. We would be naive to think that anyone and everyone don't have an interest in our electronic world and in our data and aren't attempting to obtain some of it.

That's a longwinded way of saying there's obviously merit in the Security Legislation Amendment (Critical Infrastructure) Bill 2020. I applaud the government for trying to take action against the cyberthreat to this country. I think it's also good that the government split, albeit at the last minute, the original bill in accordance with the strong recommendation of the PJCIS. The original bill was unsatisfactory, and it's wise to have carved out what the government thinks are the most urgent aspects of the bill to try to get them through the parliament this week. I say that in essence.

However, I note that both the PJCIS and the Australian Signals Directorate have cast doubt on the urgency of getting anything through the parliament this week. The Australian Signals Directorate mentioned earlier in the year that the likelihood of this legislation being used is 'very rare'—and I understand those were the words they used. Why are we continuing to act with such urgency, when we could slow it down and make sure that the provisions in these reforms are really well crafted, watertight and effective? I think we're missing an opportunity there. We're creating perhaps to some degree too much concern about getting this through this week.

I will also ventilate a couple of other concerns with this bill. I think it does give excessive power to the government and the minister in particular because the people who affected by the decisions of the government and the minister don't have any resort to judicial review or any sort of effective independent oversight of the decisions of the government or the minister. In fact, I note that in the bill before the House now the right to judicial review is explicitly carved out and denied to the people or organisations that would be affected by the decisions of the government and the minister in the future.

I also make the point that the reforms in this bill are not adequately funded. I do note that in the last federal budget there was $42 million set aside to secure critical infrastructure, but I suggest that it's patently obvious that to do this job properly we will need many multiples of that and we can't rely on existing government agencies, like the ASD, to raid their own existing budgets to implement additional safeguards. They need additional funding. I would certainly support that occurring.

Talking more broadly than just the provisions of this bill, I take this opportunity to say that the government has a lot more work to do. Yes, it does need to rework what we now know as the second bill, the bit that has been put aside. It needs to get that right. It needs to go slowly. It needs to work closely with all stakeholders. It needs to listen to their reasonable concerns and address all reasonable concerns. The cyberthreat to this country is too big an issue to not get right and to not properly fund. The government also needs to do much more work more broadly.

I did 20 years in the Army. I did a lot of work on vital asset protection and I well know you can't have a platoon of infantry soldiers on every vital asset in the country, or a battalion at every port, or a division along every strategic railway line. We can't do that in a practical sense so we have to be clever about the way we respond to the threats from nation states.

We also need to do much more work on other threats to our critical infrastructure. I'm talking about our physical infrastructure now, and the obvious example of that is, of course, our telecommunications infrastructure. We learned through the terrible bushfires of 18 months ago that our critical communications infrastructure is terribly, terribly vulnerable. In fact, the Australian Communications and Media Authority claim that nearly 1,400 telecommunications facilities were directly or indirectly affected during the 2019-20 Black Summer bushfires, during which the average outage was 3½ days and the longest was 23 days. Of course bushfires are going to destroy infrastructure, but there are all sorts of things we can do to make our physical infrastructure more robust. For example, better battery storage to cover outages in mains powers to phone towers, the purchase of more mobile telephony facilitates for mobile phones.

I do note that since the bushfires the government has put some more money into this, but, again, it's a bit like the funding for the reforms before House today about cybersecurity, it's not enough. We are kidding ourselves if we think we can throw several tens of millions of dollars at these issues and then sleep easy at night, that our technical and our physical infrastructure and our data are all safe. It won't be. We're up against forces that are very, very well funded. We are up against the climate which is becoming increasingly unpredictable and severe. We need to harden this country in all the ways we can and we need to be prepared to pay for it.

Also, when we're talking about the security of this country—this might be some way from the substantive matter before the House at the moment, but I actually think it's very relevant. If we are going to talk about cybersecurity and we are going to talk about hardening our physical infrastructure and things like being more robust against natural disasters, we have also got to talk, and in more detail, about all the other ways that foreign actors interfere in our sovereignty and in our national security, particularly when you look at national security in the broadest sense, which brings me to the issue, again, of reviewing the foreign investment provisions in this country.

It is a good thing, obviously, that the Treasurer said at the start of COVID that there would be a national security assessment of all foreign investment. But to the best of my knowledge, that was, or is, a temporary arrangement, tied very much to COVID and the risk of foreign actors, foreign corporates, raiding Australian corporates when they are vulnerable during COVID. I think that those national security safeguards should be permanent and apply all the time.

I think we should go a lot further when it comes to the conduct of the Foreign Investment Review Board and what the Treasurer and the government allows in the future. Here are a couple of ideas for you, Deputy Speaker. For starters, the Foreign Investment Review Board should apply much tougher scrutiny of investment that could adversely affect Australia's agricultural, business and property sectors, including the commercial property sector, as well as—I suppose this is the new bit—our cultural, environmental and heritage wellbeing. This scrutiny must apply equally to all foreign investors with no exemptions.

An example of a specific reform is that all purchases of agricultural land worth over $2 million should go to the Foreign Investment Review Board, instead of the current threshold of $15 million. And there needs to be greater reliance on land leases instead of freehold title. That last point is something that comes up with me constantly in my community. They're acknowledging this country was built on foreign investment and we need foreign investment. I'm not anti foreign investment. It's just got to be on our terms. That includes if someone wants to farm a substantial piece of farmland or broadacre prime agricultural land. Maybe that can be allowed, but it must be leasehold not freehold title. My constituents raise that all the time: lease farmland to foreign interests; don't sell it to foreign interests. The current business investment requirement that all acquisitions on an interest of 20 per cent or more in any Australian business valued at over $261 million should also be applied to all foreign investment instead of the current practice of allowing carve outs for favoured trading partners, including China—remember that we have some sort of trade agreement with China, apparently—Japan, Korea, Singapore, New Zealand and the United States. That was very free-ranging omnibus of matters connected with cybersecurity, but I maintain that my point is valid: the government needs to work harder to safeguard Australia's sovereignty and security.

When it comes to cybersecurity, let's properly fund what's before us today. Let's talk to stakeholders and ensure that concerns that still exist about the bill before the House today, including the fact that there's no judicial review of ministerial decisions, are addressed. Let's fix those sorts of things. The sign of a good government is one that is not pigheaded but instead listens to stakeholders, to the crossbench and to the opposition, takes on board all of the good ideas that come from all directions and implements them—and properly funds the measures before the House today. But it also needs to look at all the other ways in which we can safeguard Australia's national security, not just cybersecurity but also our defence arrangements, hardening our infrastructure against natural disasters and looking afresh at our foreign investment provisions. That's something that would be very appealing to a great many Australians. There are so many things we could be doing and need to be doing, not just the edgy things like cybersecurity that are getting all the publicity at the moment.

I'll leave it there. I commend the bill in essence, although it's flawed, and I look forward to the other half of the bill coming before the House, which needs to be much improved in what was in the original version.

Comments

No comments