CLARE O'NEIL: Great, thank you. So, thanks all for joining me this morning, and I'm going to share an update for the Australian people about the IT outage that occurred yesterday, that as many Australians would have experienced, caused very significant disruption to a range of services that are offered around the country.
What I'll cover off today is a few things. I'll just explain in the simplest language possible what has actually occurred here. I'll speak a bit about how the economy is responding and the phase that we are at at the moment, and then I'll talk a little bit about what we ask of Australians to do today and throughout the rest of the weekend while this incident is resolving itself.
So, firstly, what has occurred here, can I just be really clear and say this is not a cyber security event. What has happened here is an IT outage that has been caused by an error in an update provided by a company which provides cyber security software for most major economies around the world.
And that's why for Australians you would have seen on the news yesterday that the sort of outages and issues that we've seen here in Australia are being felt in most major economies around the world.
The company in question here is CrowdStrike. CrowdStrike is an American cyber security company. For companies that provide this kind of service to customers in major economies, the way in which they provide updates is by pushing updates out to their customers. They sometimes do this, you know, once a week, sometimes it will happen multiple times a day.
What has occurred here is that, as we understand it, at about 2.09 pm Australian Eastern Standard Time yesterday, CrowdStrike issued an update, an update to a sub‑set of their customers. That update had an error in it which caused effectively system outages for computers that it was pushed to, so computers that were online at that time.
The fix for this, as I am advised by CrowdStrike, was provided not long after that event, so not even an hour and a half after that event CrowdStrike had found a remediation for the error and sent remediation instructions to customers. The issue here is just the breadth of people that were using this particular software and the time it is taking to build and bring major systems back online.
So as with any issue with a software provider, if you're a user of this system, your primary point of contact for technical support is actually CrowdStrike. I've spoken with CrowdStrike multiple times, they're doing everything that they can to bring systems back online as fast as possible.
So let me speak a little bit about how the Australian economy has responded. I think all Australians are aware that there were some significant issues yesterday afternoon. Most of those had actually resolved by yesterday evening, and the Australian economy is now very much in a recovery phase.
So what do I mean by that? For most customer‑facing systems, most companies that use CrowdStrike are fully operational, but we are seeing some teething issues.
So, if I can just give you some examples. Woolworths, for example, shelves are fully stocked, we don't have any food shortages, there's nothing to be concerned about of that nature. Woolworths has, I'm advised, all of its doors open today, but some of the tellers and some of the checkouts may not be open in all of the supermarkets around the country.
At the same time with airlines, we've seen our major airlines are back online, but there might be internal technical difficulties, for example, baggage handler systems communicating with the front of the terminal.
So what do we want Australians to do today? Well, one of the things I know about our great country is that Australians pull together at times like this.
What I would say is that a lot of Australians will probably go about their weekend without noticing any particular impacts, but we do want people just to be thoughtful. If you're travelling, for example, make sure that you're building in a little bit of extra time.
What I would say to people is please be patient. Don't take this out on the staff at your supermarkets if you have to wait a little bit longer, it is absolutely not their fault, and what I can see around me is a lot of people who are working as hard as they can to get things working again for Australians.
There is something critical that I would like to ask Australians to do today, and that is be really careful and be really on the look‑out for attempts to use this to scam Australians and to scam small businesses.
So, what we are seeing some reporting of is attempts to conduct phishing through the incident that's just occurred. So if I can just explain what that means. What we are hearing is that some small businesses, in particular some individuals, are receiving emails from people who are pretending to be CrowdStrike, or who are pretending to be Microsoft and are indicating that you need to put in bank details to get access to a reboot, that you need to pay money, that you need to put your personal details in so that your systems can be brought back online.
Could I ask all Australians to be really cautious over the next few days about attempts to use this for scamming or phishing.
Now here's what we want you to do: we use the Scamwatch four step protections for people. The first is stop. If you see an email, if you see a text message that looks a little bit funny, that indicates something about CrowdStrike or IT outages, just stop, don't put in any details.
If someone has called you and is suggesting that they're going to help you, talk you through a reboot of your system, I would hang up the phone. The trick that scammers are always trying to use here is trying to find ways to keep you talking and keep you giving out your personal information.
So the first piece of advice is stop. Don't give any personal information and certainly don't put in any bank details or money.
Then just step back and think. Have a look at the communication that you've just received and just ask does it make sense for you. Your bank is not going to ask you to put your bank details in. If you're ‑ you know, if you're not a CrowdStrike customer as far as you're aware, you do not need to reboot your systems, so just have a think about whether it makes sense.
Then protect. If you have given away some personal information, just make sure that you're contacting your banking institution, for example, and making sure that you let them know that you're concerned about a phone call or an email that you might have responded to.
And the final thing is to report. So this is a moment where we can help our fellow Australian citizens. If someone has tried to scam you, they are trying to scam others in all likelihood. You can help protect your citizens by jumping online, go to the Scamwatch website and just report back what's happened so we can make sure that the Government can continue to alert people as we move forward.
So let me just finish with a couple of words about the response from governments around Australia. You're probably aware that the National Coordination Mechanism has been triggered. This is the means by which the Australian Government coordinates crisis response throughout business and throughout governments around the country. That organisation has now met twice, and I joined both of those meetings.
What I can tell you is that Emergency Services are online from each state, 000 is fully functional. What I have heard from governments around the country is there are some small teething issues, as I mentioned before, but by and large, services are fully back up and running.
And if I can just say that I deal with quite a bit of crisis, as you know, in my portfolio responsibilities as Home Affairs and Cyber Security Minister. One of the things I always observe in situations like this is that when the chips are down, governments around the country, businesses and other organisations put aside any differences that they might have and work really uniformly to try to protect Australian citizens and to continue to provide services to them, and that's certainly what I've seen in the last period of time we've been dealing with this.
So, I'll pause there and go to questions.
JOURNALIST: Minister, you said that what happened last night is ‑ the updates are timed to US time. That obviously doesn't inconvenience Americans but can inconvenience us. Do we need Australian companies to be less reliant on single overseas vendors and do we need laws to that effect?
CLARE O'NEIL: Look, one of the things I think's really clear here is that we're in an economy that's digitally interconnected all over the world, and that helps us in a lot of ways. It makes things faster, it makes things more seamless, in many ways it makes things more efficient, but I think we do have moments like this where we step back, and we see that it creates vulnerabilities too.
We saw that absolutely during COVID where, you know, the long period of time, that globalisation had broken down different barriers became a bit of an issue for lots of countries when they relied on global supply chains.
What I would say is I think there is a conversation here about what needs to be done when we have so many companies around the world who are reliant on one particular provider of technology.
But I would also say that as with my cyber responsibilities, as I've often said to Australians, it is not feasible or possible for any government around the world to say that we're never going to have IT outages and we're never going to have cyber attacks.
One of the things that we need to continue to get better at as a nation is how we respond when things do create problems for us like we've seen in the last period of time.
Now we've done a lot of work and put a lot of resources into assisting the Commonwealth with crisis management. This has really helped us at periods of time, and I would say as Australians, we have this really long history of emergency management expertise that comes out of what is a, you know, a history of natural disasters that we've had in our country for as long as Australia has been around.
One of the things that does is it gives us really good experience with crisis management, and as I said, this is something the Australian Government and Australian people are really good at. Things do go wrong sometimes, and at those moments I see Australians pull together, and that's what I've seen since this event occurred yesterday afternoon.
JOURNALIST: You said that they fixed the issue within an hour, but it took them about six hours to put out a public statement.
CLARE O'NEIL: Yeah.
JOURNALIST: Was that too long, do you think they need to be more under foot on that?
CLARE O'NEIL: Yeah. So I think there's going to be a time for CrowdStrike to come forward and account for the problem that occurred and the way in which the remediation has occurred. The Australian Government, of course, will look at what's occurred post this event.
Our focus right now though is making sure that we get services back up and running. Our obligation to Australian citizens at a moment like this is to bring together all of the parties who are affected and make sure that everyone's working together to protect Australians and get services back up online that they are used to relying on, and that's our focus today.
JOURNALIST: You haven't really mentioned any critical infrastructure. We know that a lot of our hospitals, particularly out west in Victoria were impacted. Do you have an update on those critical infrastructure, energy, health?
CLARE O'NEIL: Yep. So not to specific hospitals and specific companies, and I'd ask you to go to them if you're interested in understanding the specifics. What I can tell you is the broad scope of the way in which this has affected different industries and where they are up to today.
So, the National Coordination Mechanism, as I've said, has met twice, once yesterday evening and once this morning. The National Coordination Mechanism brings together effectively critical infrastructure providers from around the country in areas as diverse as airports and airline providers, banking and payment system, you mentioned health, logistics, liquid fuel, media, retail, transport, water and any other service really that Australians at home would rely on for their everyday living in our country.
One of the things that we saw yesterday was some quite significant issues in airports, in other parts of the economy, but I can tell you from the report that I received from the parts of the economy that I mentioned there this morning, those really big problems have been resolved. For most sectors of the economy everything is functioning.
All I would just say is that there are still some teething issues. So often this is relating to big organisations where parts of their IT system need to communicate with each other, and that's why I'm saying things like, if you're travelling, just think about building in a little bit of extra travel time. If you're going to the supermarket, just expect that you might be waiting a little bit longer at the checkout. These are the sorts of teething problems that we will see, but we are absolutely in a recovery phase now, and those really significant impacts that some Australians were affected by yesterday afternoon are largely resolved.
JOURNALIST: The vast majority of critical infrastructure survived and 000 kept functioning. What was it that actually saved them from being disrupted?
CLARE O'NEIL: Sorry, can you repeat that one?
JOURNALIST: Most of the critical infrastructure kept functioning as it should. What was it that kept it online?
CLARE O'NEIL: Well, that's a really good question. So, the question here is about why we didn't see even more severe impacts in critical infrastructure, and what I would just say is that for providers of critical infrastructure in our country, they must have business processes that are resilient and can withstand incidents like this.
So even, for example, in our hospital system, there will be a mechanism within the hospital to recover quickly from an incident, and even in some instances to move to paper‑based mechanisms. I can't give you a commitment that that's happened in hospitals, but certainly with other sectors of the economy, they're ready to shift to paper‑based if they need to.
This is part of running big important businesses in our country, and it's certainly what we expect. So, there will be a couple of reasons why some providers weren't affected at all. Some of them will not have been running the system of CrowdStrike that this affected, so this did not affect all types of CrowdStrike systems, but just some that had interactions in software internally in their systems, so some of them won't have been affected, but for others of them, they will have been affected, but they've got good business processes that allow them to continue to function.
And I'd say that too for government services. I, you know, understand that there will be government services that have been disrupted since yesterday afternoon, but I would also say that we are good at making sure that the services that are most important, that deal with vulnerable people, that are around Emergency Services, are able to function even if we see issues like this.
JOURNALIST: Defence Signals Future Fund have contracts with CrowdStrike.
CLARE O'NEIL: Okay.
JOURNALIST: Have they been affected, and will you now look at those contracts?
CLARE O'NEIL: So, I'll get Defence to answer those questions for you. As I say, I'm able to talk broadly about the way in which different sectors are affected, but for specific organisations you do need to speak to those organisations.
JOURNALIST: Is the National Coordination Taskforce going to meet again, and is there any estimate on how long the prevailing effects of this are going to last?
CLARE O'NEIL: So will the National Coordination Mechanism meet again? That's just a question of necessity. So, everyone who is involved in this process is ready and willing to continue to talk together. I would say at the meeting this morning things were very different to where we were last night. Last night we were still in the thick of it and people were still managing quite significant IT issues. When we met this morning, as I said, the majority of big system‑wide impacts have been dealt with. What we are dealing with now are niggles and other issues which may create significant delays and other issues for Australians. I don't want to downplay it, but those big system‑wide problems have largely been resolved.
We have a plan to meet again tomorrow, but that will just depend on whether people still need the support and advice from parts of the economy as we have in the last 24 hours.
JOURNALIST: Do you have an estimate of cost on how much this has cost the Australian economy yet?
CLARE O'NEIL: Not at this stage.
JOURNALIST: Do you think businesses will be eligible for compensation, or is that just something they sign up to?
CLARE O'NEIL: Yeah. Yeah. Again, very respectful of these questions. This is a really significant incident that's occurred here, and there will be a long run of discussions about what we've learned and who is ultimately culpable. Those are not questions for today.
Our big focus at the moment is making sure that Australian citizens can get access to the services that they rely on, and that's the work that's being done at the moment.
JOURNALIST: Certainly we need to get better in terms of our response, by thinking and saying, "This isn't going to happen", is that simply every business needs to be ready to shift to these paper systems, or have back‑up systems like we saw in Emergency Services? What does that response look like in your ‑‑
CLARE O'NEIL: Okay. I'll just answer this, and then this will be our last question.
So, it's absolutely clear.
JOURNALIST: There are questions on the phone too, please, Minister.
CLARE O'NEIL: Okay, yep, we'll just have one from the phone. Thank you. So, I think you're asking really important questions here about what it means for us to live in a digital economy where we've got really inter ‑ strong interconnections, not just in Australia but with businesses all over the world, and we really need to think about two things here.
One of them is just how much we can protect ourselves and be resilient here within different businesses in Australia, but something that I've talked about a lot in my role as Home Affairs and Cyber Security Minister is remediation and making sure that when we get hit we can get back up off the mat quickly, and that is a necessary part of our domestic security and our functional existence in a digital age in this country.
Now I think we've got some really good mechanisms in place. The National Coordination Mechanism, for example, was called quickly. It is a very effective forum for us to bring together the parties that are affected by an incident like this, but I certainly wouldn't say that we're not continuing to learn, and this is something that Australian Governments are going to continue to push and continue to get better at. That's the obligation we have to our citizens.
Okay, I'll take one from the phone.
JOURNALIST: Thanks, Minister. It's Chloe Bouras from Channel 10. I have two questions. Firstly, and I do appreciate everything you've said about it being recovery and still very early in the process, but you did have those big organisations and players around the table. Is there any indication so far on how much money this has cost the economy and whether those big organisations want your help to seek compensation for it?
Second question, is this the world's Y2K moment 24 years late?
CLARE O'NEIL: Okay. Thanks, Chloe, and I like your slipping in of two questions there, very clever. So, to Chloe's questions, so I would just be really clear. The Government's got one priority at the moment, and that is making sure that Australian citizens get access to the services that they need, and that we're doing everything we can to help the economy get back up on its feet, and that is what is occurring.
There is no question that there is going to be an extensive conversation from here about the cost to companies, to consumers, about CrowdStrike and how it has handled this matter. Those questions are for another day. Our focus at the moment is citizens, and that is absolutely appropriate just for this period.
As for the size and scope of this event, I've seen it reported that this is the biggest IT outage in world history. It is absolutely possible that that's the case, certainly the largest in the time that I've been alive.
What I would say is that this has been a very serious incident for the Australian economy, and what I have seen is governments and businesses and other organisations pull together at speed to make sure that we're doing everything we can to support our citizens.
That is something that I see time and time again when we manage crises in our country, and I want Australians to understand that. There is huge goodwill and commitment, and I think we're making a lot of progress here. Okay. Thanks everyone.