House debates

Monday, 13 November 2023

Questions without Notice

Cybersecurity

3:10 pm

Photo of Josh BurnsJosh Burns (Macnamara, Australian Labor Party) Share this | | Hansard source

My question is to the Minister for Cyber Security. Following the cyberattack on DP World last week, how is the Albanese government taking action to uplift the cybersecurity of Australia's critical infrastructure?

Photo of Clare O'NeilClare O'Neil (Hotham, Australian Labor Party, Minister for Home Affairs) Share this | | Hansard source

In my role as Minister for Cyber Security, I'm not always able to get up and deliver positive news to the parliament, but we do have good news today. This afternoon, DP World announced that they are resuming operations at their facilities. Their expectation is that 5,000 containers will leave their ports today. The incident at DP World is the latest in a string of cyberattacks which have shaken our country, and this is why this is such a central priority for our government. The DP World incident also shows that some of the critical reforms that our government has put in place in the past 18 months are actually working.

Many Australians are probably not really conscious of the tremendous complexity that's involved in managing a cyber incident of this size. In the case of DP World, we have a company that manages 40 per cent of freight movements in and out of our country. The implications of a shutdown, even briefly, of the ports are very widespread, affecting most of the parts of the Australian economy.

In the instance of this particular cyberattack, the National Cyber Security Coordinator was on the ground effectively immediately, working with the company and across industries to help manage the impacts of this. The National Coordination Mechanism, which was triggered for the first time by our government in the context of the Optus attack, has been meeting daily to manage the impacts of this serious incident, and it's been able to also coordinate the Australian Cyber Security Centre in its engagement with the company and the Australian Federal Police.

It's really important for the parliament to understand that none of these mechanisms would have been possible without the reforms of our government and under the former government. But we're not satisfied with clearing what has been an impossibly low bar set by opposite in cybersecurity. Let's remember that they didn't even have a cybersecurity minister. Let's pause on that point for a moment. We've dealt with a lot of cyber incidents in the last 18 months. They didn't even have a minister who was clearly in charge of these issues.

We have implemented enormous reform in the 18 months that we've been in government. We have declared 168 critical infrastructure assets to be systems of national significance. We've commenced a very substantial, very important set of national cyber exercises, which help us flex and build that muscle. Indeed, today the government made two announcements about policy reforms that will be contained in the forthcoming national cybersecurity strategy. One of those is to introduce mandatory reporting requirements for ransomware attacks around Australia, and the second is to lift the requirements that we place on telecommunications companies to make sure that those telcos, which can do so much to affect the cybersecurity of every citizen in our country, are meeting their responsibilities. We've got a big mess to clean up here, but there's lots of work underway, and I'm proud of the work that's been done so far.