Loading

Thursday, 22 October 2020
Transcript

Address to the Sydney Morning Herald and The Age, National Security Summit

​​​​Topics: Keeping Australian's safe in Australia: Policy and approach from the current Government

EO&E...........................................................................................................................................


​​​

Good morning ladies and gentlemen.

I would like to begin by saying thank you very much to the Sydney Morning Herald and The Age for inviting me to contribute to this week’s Summit. It is a great pleasure to be able to address you today, albeit virtually.

COVID-19 has quite obviously complicated many aspects of our day-to-day working and personal lives as well. It has also further complicated what was already a complex and evolving national security and threat environment.

In recent months while we’ve contended with the pandemic, we’ve witnessed evolving international power dynamics, the emergence of new strategic threats, and significant changes in our economic and trade circumstances.

The unfolding global pandemic has necessitated a sharpening of the Australian Government’s focus on national security and resilience to external threats.

Today I would like to briefly take delegates through some of the key threats we are facing as a nation. The threats posed by cyber-attacks, online criminality, foreign interference and terrorism – none of this have gone away – in some cases the threat has only intensified.

For example, it would be a grave mistake to think that international travel restrictions have somehow banished the threat of terrorism and violent extremism from Australian shores.

The threat of terrorism in Australia remains unacceptably high. Since September 2014, Australia’s national terrorism threat level has been set at Probable. To be clear, this means credible intelligence, assessed by our security agencies, indicates that individuals or groups continue to possess the intent and capability to conduct a terrorist attack in Australia.

In the time since the threat level was raised, there have been 110 people charged as a result of 51 counter terrorism related operations around Australia.

Tragically, Australia has suffered seven terror attacks. It could have been much worse, with 18 major counter-terrorism disruption operations carried out in response to potential or imminent attack planning in Australia.

And while ISIL’s physical presence in Syria and Iraq has collapsed, its insidious influence has continued to endure. The threat of terrorism remains very real.

Online and digital communications continue to enable ISIL and others who are involved in terrorist activity and propagation of their evil message. They continue to recruit online and they continue to spread their message into the minds of young people as young as 13 or 14 years of age.

Terrorist organisations are also using these communications to teach followers how to commit atrocities and motivate returned foreign fighters to carry out violent attacks.

Since the Christchurch right-wing extremist attacks, the Australian Government has taken a number of steps to limit Australians’ and our exposure to terrorist and extreme violent material online, including introducing a criminal offence for content and hosting services providers that fail to remove access to abhorrent violent material expeditiously.

The Government continues to work with social media companies and industry bodies on a range of issues relating to online harms, including preventing terrorist and violent extremist exploitation of the internet and also countering child sexual exploitation and abuse.

We must remain alert to all types of extremism. Australia’s counter-terrorism laws and countering violent extremism programs are designed to apply irrespective of religious, ideological or political motivation.

The Government has consistently taken decisive action to keep Australians safe from any and all threats. Since August 2014, we have taken 20 tranches of legislation through Parliament to strengthen our response to terrorism and violent extremism – all on the advice of agency heads.

We are not resting on our laurels. It is crucial that Australia’s intelligence and security agencies have the tools they need to combat new and emerging threats to Australia’s national security to keep Australians safe.

Last month the Government introduced a Bill to establish an Extended Supervision Order scheme for high risk terrorist offenders.

The Scheme will allow State and Territory Supreme Courts to impose a broad range of conditions onto terrorist offenders released from custody. These measures can be scaled up and are proportionate to the risk an individual poses to community safety.

In May this year the Government introduced the Australian Security Intelligence Organisation Amendment Bill 2020 into Parliament. This Bill is designed to modernise ASIO’s powers and in doing so, improve ASIO’s capacity to respond to these threats.

It repeals ASIO’s more intrusive detention powers, and replaces them with a new compulsory questioning framework. The Bill contains a robust framework of accountability, including comprehensive oversight by the Inspector-General of Intelligence and Security.

The updated legislation is not only critical in responding to terrorism, but it also helps in protecting our national interests from malicious state actors.

Australia continues to be the target of espionage and foreign interference from a range of foreign governments and their proxies.

Almost every sector of our community is a potential target for foreign interference:

  • parliamentarians and their staff at all levels of government;
  • government officials;
  • business leaders;
  • our critical infrastructure;
  • the university and research community; and importantly
  • communications, media and opinion-makers.

Foreign interference is insidious. It has the potential to be highly corrosive to our open, democratic society.

Foreign interference activities are clandestine, corrupting, deceptive and often coercive behavior. Whether it is carried out by, or on behalf of a foreign actor, this interference strikes at the heart of Australia’s sovereignty, our values and our national interest.

Australia’s approach to countering foreign interference is not focused on any particular nation, but rather our core focus is on strengthening the sectors of our society which are most at risk.

We are working with partners both internationally and domestically to share information and to build resilience to foreign interference in vulnerable sectors. For example, we have developed guidelines in cooperation with the university sector to better protect our world-leading universities’ and their resilience to interference.

The Government it taking other concrete practical steps to protect our sovereignty. Since 2018-19 we have invested $145 million to bolster our response to foreign interference. We have also created new criminal offences and increased transparency around foreign influence-prone activities.

In April 2018, we appointed the first National Counter Foreign Interference Coordinator, charged with coordinating a whole-of-government response to foreign interference. They are supported by the Counter Foreign Interference Coordination Centre in the Department of Home Affairs to increase outreach to at-risk sectors, States and Territories, and our international partners.

In response to intelligence and widely publicised global trends, we have established a network of federal agencies to support the integrity of Australian electoral activities. This includes the Australian Electoral Commission and our national security agencies.

Last year we established a Counter Foreign Interference Taskforce to disrupt and deter foreign interference activity. This multi-agency taskforce is led by ASIO and has already carried out operational activity.

Australia’s critical infrastructure is a prime target for foreign interference and other malicious activity. We are continuing to see an increase in attacks targeting infrastructure and systems that are essential to our way of life.

As I say, no part of our society is immune from these threats. In the past two years we have seen cyber-attacks on federal Parliamentary networks, logistics companies and universities – just to mention a few. Internationally, we have seen cyber-attacks on critical infrastructure including water services and airports.

The potential consequences of a successful attack could be catastrophic. A prolonged and widespread failure in the energy sector, for example, could cause knock-on disruptions to other essential systems including medical, transport, traffic management systems, banking services or even the supply of food and groceries.

There is no consideration of morality by these malicious actors and that’s an important point to understand. They have ramped up activity during the COVID-19 and in our country and indeed around the world, healthcare providers and medical research facilities have been the target of cyber-attacks.

On 8 May, the Australian Cyber Security Centre issued an advisory on Advanced Persistent Threat actors targeting health sector and organisations within that sector and their response to COVID-19, particularly those providing essential services.

On 17 July, Australia declared its support for the Joint Cyber Security Advisory by the United States, the United Kingdom and Canada, which detailed malicious cyber activity by Russian actors targeting organisations involved in developing COVID-19 vaccines.

Businesses operating in key medical and grocery supply chains have also been targeted.

We need to harden our networks against these threats. That is why the Government recently announced an enhanced security framework, which will strengthen the nation’s resilience and ensure we can act decisively in a genuine emergency.

This proposed framework was detailed in the Protecting Critical Infrastructure and Systems of National Significance consultation paper, which we released only a couple of months ago.

The framework was designed to enhance the security of critical infrastructure, and the supply chains they depend on from all hazards, including cyber-attacks.

The proposed framework requires critical infrastructure entities to secure their operations against cyberattacks and risks arising from physical, personnel and supply chain security. This will be supported by sector-specific requirements, according to the risks and circumstances faced by each sector.

It includes enhanced cyber security obligations for those entities most important to the nation. These obligations centre on a strengthened relationship with Government and
seek to enhance Australia’s situational awareness of the cyber environment, including by sharing threat information, participating in cyber security exercises and co-developing incident response plans.

Partnerships are central to Australia’s resilience. Together, Government and critical infrastructure entities will benefit from these reforms. The Government has been working with industry, academia, and state and territory governments to design the detail underpinning the framework and which entities the reforms will apply to.

The response to the consultation paper has been very strong and supportive. The Department of Home Affairs received more than 190 submissions and met with over 2000 people during the consultation phase. The Government is considering the feedback and the submissions that we’ve received.

This is a complex policy area. Decision makers need to consider systems interdependency, including the potential for a domino effect in the event of a compromise; and vulnerabilities within and between systems.

While private industry has obligations to protect critical infrastructure, some threats are too sophisticated or disruptive to be handled alone. And so the Government will provide assistance in response to immediate and serious cyberattacks on Australian systems. We will provide support to those companies.

Through these reforms, Government and industry are working together to do what is necessary to keep the lights on, the phones connected and clean water running.

While protecting critical infrastructure is a key focus, the Government is also concerned about the growing use of the internet for a range of other malicious and criminal purposes.

The COVID-19 pandemic has highlighted how much we now live and work online. We trust and rely on the internet for healthcare, business, education, entertainment, social connection and, yes, online shopping.

Adversaries are using different types of techniques to obtain access or modify networks without authorisation.

Cybercriminals are using phishing and spearphishing emails to gain access to a network, including through compromising user credentials or installing malware after a recipient clicks on a malicious link or attachment.

Some of these actors are then using the dark web to buy and sell access to Australian computers, networks and identity information to facilitate further crime.

As more and more activities are conducted online, malicious cyber activity against Australia’s national and economic interests is also increasing in frequency, scale, sophistication and impact.

Only in August this year, the Government announced a comprehensive strategy to build Australia’s cyber security and resilience.

The 2020 Cyber Security Strategy commits $1.67 billion in funding to protect Australia from cyber threats.

This includes $1.35 billion investment to enhance the cyber security capabilities and assistance provided to Australians through the Australian Signals Directorate, the Australian Cyber Security Centre and our other agencies through the Cyber Enhanced Situational Awareness and Response package.

It also includes investment of almost $90 million to bolster the Australian Federal Police’s capability to disrupt cyber criminals, including through new target development teams and 100 new officers who are dedicated and are experts in that space.

The Cyber Security Strategy recognises that everyone has a role to play in creating a more cyber secure Australia—Government, businesses and the community.

The strategy acknowledges the role of business, and the need for business to address common cyber security threats to protect themselves and their customers. The Government will support this goal by introducing a program to equip trusted organisations with cyber toolkits to assist small and medium businesses to become cyber secure.

The Government will focus on critical threats and the most sophisticated actors, while ensuring a baseline level of cyber resilience across the economy.

The Government must also look closer to home, and do more to protect its own systems. The new Secretaries Digital Committee is progressing the Hardening Government IT program, with outcomes this financial year to include the establishment of Cyber Hubs to strengthen Australian Government network defences.

While online and digital communication technologies have certainly developed rapidly and provided new opportunities for criminals, our laws haven’t always kept pace with technological advances or realities. This can significantly inhibit law enforcement agencies’ and their ability to protect our community.

The dark web is a particularly grievous demonstration of a law enforcement online blind-spot. It is the sewer of the internet, and it has become a hotbed for child abuse.

The number of child abuse material files downloaded on the dark web has risen dramatically during the COVID-19 pandemic. There was a 163 per cent average increase in the number of files downloaded from April to June of this year compared to the same period in 2019.

Through pay-per-view arrangements, a buyer can watch—in real-time—a child being sexually molested via livestreaming services. Even worse, they can pay to direct the abuse. And we know that every five minutes a webpage shows a child being sexually abused.

The human cost of course of such vile criminality is beyond anyone’s comprehension. It is also often difficult to bring perpetrators to justice.

Under current legislation it is almost impossible for law enforcement and national security agencies to undertake the early investigative steps necessary to identify serious criminals on the dark web. This must change and under this Government it will.

We’re developing legislative reforms to strengthen our agencies existing capabilities and ensure they have the powers needed to identify and disrupt threats to the safety of Australians. This is particularly important in protecting the most vulnerable members of our community.

New encryption and anonymising technologies are only making matters worse. They will allow paedophiles, terrorists and a whole variety of criminals to further obscure their true identity and their malicious activity.

The proposed implementation by some businesses of ubiquitous end-to-end encryption will hinder efforts to tackle online crime, including child sexual abuse.

This month, the Government joined our Five Country partners, along with the Governments of India and Japan, in signing the International Statement on End-to-End Encryption and Public Safety.

We are calling on technology companies, including Facebook – but not just Facebook – to design their systems so they are safe, so they cooperate with law enforcement by providing lawful access to encrypted communications and engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.

Facebook would not allow in their workplace the abuse of women or children and yet they provide a platform that enables perpetrators to carry out that very activity.

The Government is working closely with international partners to defeat this scourge, to make sure that we can modernise our international crime cooperation, including through a CLOUD Act Agreement with the United States, where most of the world’s largest communications and technology providers are based.

The agreement will enable Australian law enforcement and national security agencies to go directly to foreign communications service providers to obtain the data they need to investigate and prosecute serious crimes, including terrorism.

Ladies and gentlemen, the Government is working hard to protect Australia’s national security.

We are working with industry and international partners to shine a light into the shadowy corners of the dark web, to disrupt offending and bring criminals to justice.

We will not tolerate cyber-attacks on Australia’s industry, our businesses, our government or our people. We are strengthening cyber security and we are fortifying the critical infrastructure that we all rely on.

We are taking steps to counter the foreign interference which grates against our democracy and seeks to foster community unrest. And we are resolute in our determination to protect Australians from the dangers posed by extremist ideologies.

The Australian Government remains absolutely vigilant to the risks before us and steadfast in our commitment to protecting Australia’s prosperity, our security and our way of life.

In closing, I thank the Sydney Morning Herald and The Age again for the opportunity to participate this morning, and wish you all the best for a successful remainder of the Summit.