Mr Tony Burke (Watson, Australian Labor Party, Minister for Employment and Workplace Relations) Share this | Hansard source

I move:

That this bill be now read a second time.

This bill is the second in the cybersecurity legislative package. It seeks to amend the Intelligence Services Act 2001 to legislate a limited-use obligation on the Australian Signals Directorate (ASD). This provision is similar to the limited-use obligation to be imposed on the National Cyber Security Coordinator under the Cyber Security Bill.

We're all aware of the realities of our strategic environment. Malicious cyberactors are quick to exploit critical vulnerabilities and consistently adapt their already disruptive tactics to extract maximum gains. The speed with which cyberthreats spread and evolve means that no single organisation or person can effectively defend against all threats alone.

The ASD is the first point of contact for organisations experiencing a cybersecurity incident. However, the ASD has observed a lack of trust from entities that the information provided to them will be used to assist industry in responding to, mitigating or resolving a cybersecurity incident, rather than for regulatory purposes. The limited-use obligation in this bill provides industry with the legal assurance that they can engage and provide information to the very agencies the government has established to help them prepare for and respond to cybersecurity incidents.

The limited-use obligation in this bill will protect the information voluntarily provided to, or acquired or prepared by, ASD during an impacted entity's engagement in relation to a cybersecurity incident or vulnerability.

The limited-use obligation will make it clear that the ASD may only on-share this information for a permitted purpose and that on-shared recipients can only use that information for a permitted purpose. The obligation is not a safe harbour for industry. It won't exempt an organisation from complying with their existing legal and regulatory obligations.

However with this measure, alongside the establishment and clarification of the role of the National Cyber Security Coordinator, we will ensure government and industry can work together to communicate with transparency and confidence, making our responses more efficient and based on real-time insights. Cooperation on a national scale is one of Australia's greatest advantages against malicious cyberactors.

The government will refer this bill and the others in the package to the Parliamentary Joint Committee on Intelligence and Security and will consider any recommendations that committee makes.

I extend my thanks to staff at the Australian Signals Directorate for their diligence in developing this bill and I commend the bill to the chamber.

Debate adjourned.

See this speech in context