Mr Tony Burke (Watson, Australian Labor Party, Minister for Employment and Workplace Relations) Share this | Hansard source

I thank the member for Bean for the question. This afternoon I'll be introducing a package of cybersecurity legislation. I want to pay tribute to the Minister for Housing, who was involved in a whole lot of the development of what will be introduced in the House later today. There are a number of measures in there, but I want to focus on just a few of them. There's one about smart devices, there's one about ransomware and there's one about limited use.

With respect to smart devices, one of the things that many of us will have in our own homes is a series of devices connected to the internet which, if hacked, provide access into our homes. Some of us will have smart speakers. Some of us, for example, will have robotic vacuum cleaners. Many would have seen the story that was published on the ABC online during the week of a robotic vacuum cleaner capable of being hacked and that can, effectively, provide video coverage inside somebody's home.

At the moment, we have no way as a government to be able to provide minimum standards that provide consumer protection and that also provide protection nationally in terms of cybersecurity if any of these items are hacked. Sometimes the hacking of one item can actually provide a gateway through to everything else within a household. Some items, for example, are still sold where the default password is the word 'password', which, if somebody doesn't bother to change, creates an obvious problem in terms of the security of everything that might be connected to the internet in that house. So the legislation today will allow the government, for the first time, to be able to provide minimum standards that will provide that protection that the nation needs in terms of cybersecurity. But also, realistically, the same sort of protection delivers for households, in terms of their own privacy.

As for ransomware, there are a couple of ways that ransomware attacks occur. Sometimes, it's the theft of information and a threat to publish it and sell it on the dark web. On other occasions, it's where a ransom attack in fact gets hold of a system and locks it down. In either situation, the government's advice is always against the payment of ransomware attacks, but we would now at least have, where people decide that they will pay the ransom, a mandatory reporting process, so that the government is better able to monitor and get on top of where those attacks are coming from.

The limited use provisions are about, when a business has an attack, making sure that the business—when they provide information to the government, which we might seek to help them with the cyberattack—doesn't think the government is then going to use that information for a series of other purposes.

The bill, of course, because of its national security nature, will go to the intelligence committee. There have been briefings that have happened in advance with the opposition as well. It's one of those examples of cybersecurity which is very much in the national interest.

See this speech in context