Senate debates
Monday, 26 September 2022
Questions without Notice
Cybersecurity
2:13 pm
James Paterson (Victoria, Liberal Party, Shadow Minister for Cyber Security) Share this | Link to this | Hansard source
My question is to the Minister representing the Minister for Cyber Security, Senator Watt. On 22 September Optus confirmed they were responding to a significant cyberattack. Can the minister outline what steps the government has taken to protect Australians who may have had private data stolen in this attack?
Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source
Thank you, Senator Paterson; I know cybersecurity is a matter you're genuinely interested in. I think all Australians were concerned to see this apparent cyberattack that occurred over the last few days involving Optus data, because Australians expect that when they hand over their personal data, particularly to corporations, every effort will be made to keep it safe from harm. As a result of this data breach, unfortunately it appears millions of Australians have been impacted in an unfortunate way. As Senator Paterson recognises, the information we have to date is that the breach involves people's names, dates of birth, phone numbers, email addresses, residential addresses and, for some customers, passport and drivers' licence numbers being for sale on the dark web. This is very concerning to many Australians. I note, however, that Optus has advised that while a wide range of data has been breached, according to Optus, payment details and account passwords have not been compromised. That is at least some saving grace for Australians who have experienced this.
Since the government was advised of this matter last Wednesday, 21 September, a range of government bodies have been working to contain the incident, including the Australian Signals Directorate, the Australian Cyber Security Centre and the Australian Federal Police. For obvious reasons, I won't go into the technical assistance and cybersecurity advice being provided to Optus, or the wider efforts to help protect Australians, but I can assure Senator Paterson and all Australians that hundreds of Australian government staff have been working long into the night and over the weekend to stem the damage flowing from this. I want to thank them for their efforts. The Minister for Home Affairs has of course been continually briefed since this issue commenced and I know also that the Leader of the Opposition was briefed today. (Time expired)
Sue Lines (President) Share this | Link to this | Hansard source
Senator Paterson, your first supplementary?
2:15 pm
James Paterson (Victoria, Liberal Party, Shadow Minister for Cyber Security) Share this | Link to this | Hansard source
I thank the minister for his answer and for also anticipating my first supplementary question; I'll move on to my second supplementary question. Why did it take almost three days for the minister to publicly respond, in the form of three tweets sent at three-quarter time of the grand final, to the most significant cyberattack in Australian history?
Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source
Thank you, Senator Paterson. I don't think that is a fair characterisation of the minister's response to this incident. As I say, a number of government bodies who are directly responsible for responding to these sorts of incidents were involved as soon as they were informed of it by Optus. I am assured that the minister herself was continually briefed and has worked with the agencies to stem the damage flowing from that. So, as I say, I don't think that's a fair characterisation of the minister's performance or approach to this. I am assured and I am very confident that she has done everything that is appropriate for her to do as minister.
Sue Lines (President) Share this | Link to this | Hansard source
Senator Paterson, second supplementary?
2:16 pm
James Paterson (Victoria, Liberal Party, Shadow Minister for Cyber Security) Share this | Link to this | Hansard source
It's now six days since one of the largest cyberattacks in Australian history occurred, and the minister is yet to publicly front up to speak about what action the government has taken or when it has taken it and to detail the actions the government has taken. When will the minister publicly hold a press conference to answer the questions that Optus users and Australians have about this issue?
2:17 pm
Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source
Again I completely reject the premise of Senator Paterson's question. In fact, any cursory examination of media regarding this subject over the last few days will see that the minister made a number of public comments about this incident, about her concerns about it, about the actions authorities are taking and about the additional reviews she intends to undertake in relation to cybersecurity.
Sue Lines (President) Share this | Link to this | Hansard source
Minister, please resume your seat. Senator Paterson.
James Paterson (Victoria, Liberal Party, Shadow Minister for Cyber Security) Share this | Link to this | Hansard source
On relevance. The question was: when will the minister hold a public press conference to answer questions about this matter?
Sue Lines (President) Share this | Link to this | Hansard source
I believe the minister is being relevant. He has outlined a number of media comments the minister has made. I will hand the question back to him; he has heard your comments.
Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source
I think it's somewhat ironic that we have a member of the opposition questioning this government's approach to cybersecurity. Let's not forget that when the opposition was in power, only one in four Commonwealth entities met the essential eight cybersecurity obligations in 2021, according to the Audit Office. The then government, now opposition, released a ransomware bill one year after the opposition released a discussion paper calling for a ransomware strategy. I think any independent observer would recognise a good performance—(Time expired)