The Hon Clare O’Neil MP with Telstra CEO Vicki Brady and Air Marshal Darren Goldie
Subjects: National Cyber Exercise Program, Multiple organisations working together in the event of a major cyber incident, The Voice Referendum
O'NEIL: Good morning everyone and thank you so much for joining us. I'm here with our National Cyber Coordinator Air Marshal Darren Goldie and Vicki Brady who is of course the CEO of Telstra.
The three of us are here today on what is very close to the first anniversary of what was the biggest cyber attack in Australian history, that is in September last year the attack on Optus.
That began really what has been a watershed year in cyber security for our country where we have experienced the three biggest cyber attacks, data breaches that affected the lives of the majority of the Australian population.
What this last year has shown us is that when we arrived in Government just over a year ago Australians were unnecessarily vulnerable, and we were fundamentally unprepared for the cyber world that we were living in.
That has changed. Over the past year our Government has been working assiduously to make sure that we are doing everything we can to protect Australians from this problem, to make sure that we build layers of protection around citizens and small business, and make sure that fundamentally we're a safer country.
Now I'm here with two people who are very much engaged with the task of making sure that this occurs. We appointed the National Cyber Coordinator because it was very clear when the Optus attack occurred that the Australian Government needed to be doing a better job of its cyber incident response and coordinating the activities of the Australian Government better.
One of the reasons that we're here today is because we are trying to build and flex a cyber incident response muscle that didn't exist before we came to Government. This is the third in our national cyber exercise program. We have done an exercise with aviation, we've done an exercise with financial services, and today we focus on telecommunications.
Our telecommunications providers are pivotal to our lives as Australians. The exercise today will be working with lots of telcos, all of the people that would be involved in a very significant cyber attack on one of our telecommunications providers. And what we'll be doing is talking about how we will respond if an incident like that occurs and how we will work together to make sure we protect Australians.
If I could just say one more comment and then I'll hand over to Vicki to speak a little bit about Telstra's role.
The cyber attacks that we have experienced over the last year have been absolutely awful, and I know that they have affected the lives of very many Australians. I also want Australians to understand that it can get a lot worse than this. We have had very significant data breaches but what we need to think about and prepare for as a country is the shutting off of critical infrastructure in our country. Think about what would happen if our electricity grid is disrupted, if our water supply is disrupted. These are real feasible possibilities as we look to the years ahead and it is right and responsible that the Australian Government is preparing for them.
I'll hand now to Vicki to say a few words.
VICKI BRADY: Thank you, Minister. Just to reinforce, from Telstra's perspective we do have a unique view of what's happening in the cyber landscape and certainly over the last few months we've seen a further increase in activity, and it ranges from, you know, very sophisticated, well‑resourced attacks all the way through to high volume but less sophisticated attacks.
From our perspective we're constantly on heightened alert to be able to protect ourselves but also protect our customers.
We also are very aware that no single organisation can do it on its own, and we have a responsibility to work collaboratively and that's collaboratively across industry and with Government.
Cyber security, it sounds cliche, but it is really a team sport, and it is an example where industry and government come to the table with really unique insights and capabilities and underscores the importance of today's simulation.
What we'll undertake will give us the ability to really test our capabilities of how we prepare for, how we protect from and respond to potential impacts of cyber attacks.
It's something we do regularly as Telstra as an organisation, but as I said that ability to simulate cross industry and work together to be able to respond appropriately is such an important thing to undertake, so looking forward to the simulation and today's activity.
Let me hand across to Air Marshal Goldie.
DARREN GOLDIE: Good morning ladies and gentlemen. There's no secret that cyber security continues to pose an increased threat to all Australians. Like floods and fires it's important as individuals, as businesses and as sectoral groups and Government we're as prepared as we can be.
Today is an important part of that journey preparation where we are working with the telco sector in establishing what more we can do to prepare for a major cyber incident, as well as how we'll respond.
I look forward to seeing how the exercise goes today and what lessons we learn as a Commonwealth that we can implement in the future.
Thanks, Minister.
CLARE O'NEIL: Fantastic, thank you. Any questions?
JOURNALIST: What does the exercise look like?
CLARE O'NEIL: We're here today to plan out and map what all of the actors involved in a major attack on telecommunications networks in our country would entail. What that means is we'll go through a scenario, it's a top secret scenario that's been developed by intelligence officials and it will take us through how an attack on telcos in our country would unfold and who would need to do what and when to make sure that Australians were kept safe and that services continued to be delivered during that experience.
It's really important that we undertake this type of preparatory work. What we are trying to do here is build and exercise a cyber muscle of resilience against cyber attacks. So we're here today. This is our third major exercise. We've conducted one on aviation, one on financial services and we're here today with our friends and partners in telcos to make sure that we can protect Australians when cyber attacks inevitably do happen.
JOURNALIST: Is it just a one-day exercise?
CLARE O'NEIL: So the exercise today will be a one-day exercise, but this is a part of rolling cyber national exercises that Air Marshal Goldie, our National Cyber Coordinator, is in charge of. We are going through all of the critical and key networks of services that Australians rely on so that we can build and flex this muscle when cyber incidents do occur, as they will occur in future.
We want to make sure that the Australian Government and all of our partners in industry are prepared for it and make sure that we can manage them in a way that doesn't affect the safety and lives of Australians.
JOURNALIST: What kind of investment has the Government made in this?
CLARE O'NEIL: So we have made an investment in establishing the role of the National Cyber Coordinator. The National Cyber Coordinator has a number of functions but one of the really important ones is trying to build and flex a muscle of cyber incident response so that when we have cyber incidents in our country we're able to get back up off the mat quickly and make sure that Australians are protected and strong.
JOURNALIST: Do you think a one-day scenario is enough to make proper change?
CLARE O'NEIL: Yeah, so this is not just a one-day scenario and it's certainly not the only thing that we're doing about cyber security in our country. In fact if I can bring you back to when the Government was elected, there was not even a cyber security minister under the previous Government.
Since we have been in power there has been an enormous amount of effort put into improving cyber security across our country. We have made up easily five years of policy work just in the last year. That's included the appointment of a National Cyber Coordinator, a person who frankly should already have existed before we came to Government.
It's included setting minimum cyber standards across key industries across the Commonwealth. It's included reforms to the Privacy Act so that when your data is breached companies pay if they are responsible. And it has also included the development of what is going to be a very important policy document for our country, that is the National Cyber Strategy and we'll be releasing that before the end of the year.
JOURNALIST: What are the companies involved in today's exercise?
CLARE O'NEIL: So we've got Telstra, Optus, all of the major telecommunications companies are here, as well as people from across the national security apparatus of the Australian Government and of course Air Marshal Goldie who will Chair that forum.
JOURNALIST: What do you hope the biggest takeaway is?
CLARE O'NEIL: So what we've found with the previous cyber exercises is that we have learnt an enormous amount just from going through a step‑by‑step scenario of what will happen and when as a cyber attack unfolds of this nature.
Some of the things that we've seen in previous exercises that we've done is that companies can find new ways to work together and collaborate to better prepare for these type of attacks.
Often it's not very well‑understood what the role of Government would be during a cyber incident of this nature, and so really having everyone in the same room is incredibly powerful.
One other thing I would just mention is that for better or worse personal relationships actually matter a great deal in this, and one of the things that's very helpful in these exercises is actually getting all the people who would be involved in a crisis response into the room to discuss and prepare for it beforehand. They know each other, they've got a pre‑existing relationship and when they do need to work together in an emergency scenario they're actually already at that point where they've got that relationship.
JOURNALIST: Just one maybe for Vicki. How much has the threat of these attacks increased in the last 12 months?
VICKI BRADY: Look, I mean it's always been a dynamic landscape and so, yes, we've certainly seen an increase in activity and that's why we put an incredible amount of focus on our own capabilities internally, our teams, our systems, the technology we have sitting behind this to protect our perimeter, protect ourselves, help protect our customers.
And importantly, beyond cyber activities also the scam activity that's going on. Again, we've got a big focus there around our cleaner pipes initiative where on a monthly basis at the moment we're blocking around nine million calls, we're blocking around 20 million SMSs and about 280 million inbound emails to our Big Pond customers.
So it's a constant fight and you've got be moving and making sure you're deploying all of the capabilities and technology that we've got at our disposal.
JOURNALIST: What's the biggest threat would you say? Is it the data breaches, the scam calls, the texts? Which ones are the main concern?
VICKI BRADY: I mean to be honest they're all at the forefront of what we're thinking about. Of course, I think about it as protecting our perimeter from these criminals that are trying to get inside, and that's protecting our business but importantly protecting our customers.
And then absolutely, the volume of activity in the scam space is huge, as I just talked about. Some very big volumes incoming.
JOURNALIST: And how different is today's exercise compared to what you do on a day‑to‑day basis?
VICKI BRADY: Yeah, so we do run these types of exercises internally. We run them very regularly. And I think as the Minister just spoke to, that ability to bring people in the room who in the event of a real incident are going to have to work together in a crisis, it's just invaluable.
JOURNALIST: And how have you expanded your own team I guess in the last year since the Optus hack?
VICKI BRADY: Look, we've always had a very well‑resourced team in our cyber security area and so we've continued to make sure as we've looked at where the risk level sits. We are always constantly investing in the capabilities and in the technology to be able to best protect us and our customers.
JOURNALIST: Would you say you're a bigger team than last year?
VICKI BRADY: It's probably grown a little bit over the year just given the threat landscape having increased.
SPEAKER: Any more questions?
CLARE O'NEIL: Maybe I'll just make one other supplementary point to what Vicki's talked about there. Beyond Telstra we have a cyber threat landscape where we are seeing persistent, growing and more dangerous cyber threats every day.
We heard one of our big banks say last year they are subjected to 50 million cyber attacks a month. The Australian Taxation Office subjected to three million cyber attacks a month.
What we are trying to do as a Government is make sure that the focus of that threat is not on individual citizens and small business but instead on the people in this system who have got real capacity to reshape the threat landscape for ordinary Australians. And that's why it's great to be here today with Telstra and other telco companies to talk about how we can make that partnership work better.
JOURNALIST: Sorry I’ve got one more. Which demographic is most at risk of these attacks?
CLARE O'NEIL: I'll say something about that and then invite Vicki and Darren to say something too.
One of the things that's really clear from this is that there are some particular communities in our country that are more vulnerable, and it does tend to be elderly people who are perhaps not as au fait with the digital economy as the younger ones, and people who are from multicultural backgrounds.
I talk to a lot of people in these communities who express genuine depth of fear about how they are going to manage this in their own lives, and what I would say to those people is that we don't want this to just be down to you.
We have a cyber threat landscape which is growing more prolific and more dangerous and one of the things we're pushing to do as a Government is trying to take the pressure off businesses, off ordinary Australians, and make sure that companies and Government are doing everything they can to make our country safer.
VICKI BRADY: Yes, and just reinforcing what the Minister has just said. In terms of what we see, absolutely there are some cohorts of customers that we see tend to be more vulnerable to these sorts of attacks.
But I would just caution everyone. I mean they get increasingly sophisticated, so we are seeing younger Australians who are very digital savvy, very used to engaging in that environment, and these criminals are clever at being able to be attractive to different demographics and cohorts.
So I do think there's the work that's happening at an industry level, at a Government level, at an individual organisation level, but that ability too as individuals to be well‑informed and to be a bit wary of things you receive and not clicking on links I think is incredibly important for every person across the country.
CLARE O'NEIL: Thank you. I might just make a brief comment, if you don't mind, about a really disappointing interview that the Leader of the Opposition did on radio this morning just with regard to The Voice. And I would say to the Leader of the Opposition we are trying to have a good faith discussion with the Australian people about something incredibly important to our country and that is the way that Indigenous Australians are not getting the same life chances as other Australians, and we have an opportunity to do something about that in a referendum that we will vote on in October.
Now the Leader of the Opposition has an obligation to be honest and act in good faith. He is talking now about running a second referendum. He is saying things that frankly are demonstrably untrue. This is not helping the debate. We want to have a good faith discussion with Australian citizens about something that really matters here, and I would ask him to join us in this conversation.
Okay, thanks so much everyone, really appreciate it.
