Federation Chamber
25 October 2021

I rise to speak on this important motion before the House regarding cyberattacks. I thank the member for Fisher for raising this in the parliament and recognise all the contributions so far. This is an issue that I think unites us all: keeping Australians safe. Ransomware attacks are now the biggest threat facing the Australian government, businesses and our broader community, according to the Australian Cyber Security Centre, who warn that these attacks, where criminal groups deny access to an organisation's IT systems and data until a ransom is paid, are becoming more sophisticated and far more damaging than ever before. Ransomware is the most common breach of an organisation's data security. Increasingly savvy cybercriminals now target organisations, extracting hundreds of thousands of dollars from each successful attack and helping to drive small and medium-size enterprises out of business. Australia is not alone in this crisis. The former director of the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency recently told the US House Committee on Homeland Security that ransomware is the nation's top cyber threat. Globally, security firm MC Soft estimates that the global cost of ransomware attacks in 2019 was at the very least US$42.4 billion and is likely to be closer to US$169.7 billion. Here in Australia these attacks are estimated to cost our economy at least US$1.1 billion.

It's difficult to capture the full scope and scale of these attacks, both globally and here in Australia. But these numbers show us that action is necessary to combat this threat. We need a national ransomware strategy. This issue isn't going away anytime soon, and it cannot be up to the private sector and Australian organisations to fight this threat alone. While organisations have primary responsibility for their own cybersecurity, the government does have tools at its disposal that could help reduce the risk for Australian organisations and lower the overall volume of attacks here in Australia. These include regulation making, law enforcement, diplomacy, international agreement making, effective cyberoperations and the imposition of sanctions. These interventions can make Australia less attractive overall to cybercriminals by increasing risks for attackers and attaching significant cost to targeting Australian businesses and organisations.

With a strong basis of deterrence, the federal government can shore up our national cybersecurity by assisting stakeholders to increase their resilience against such attacks. These interventions are important, because we know that ransomware attacks do not exist in a vacuum. The actions of one organisation can shape the nature of the threat faced by others. When an organisation decides that it's in its own best interests to pay a ransom, that increases the resources available to ransomware crews to mount further, more-sophisticated attacks against other targets.

When a series of organisations from particular countries or particular industry sectors make ransomware payments, it can create a reputation that these countries or industries are valuable targets, increasing the number of future attacks. Whilst network security might be an organisational challenge, ransomware is a threat that requires collective action in response. This is where our federal government must step in and deploy a policy and regulatory framework to mitigate the risk of ransomware. We need a comprehensive national ransomware strategy with the aim of reducing the attractiveness of Australian targets to cybercriminals.

While I'm here, I want to highlight a local business in my electorate of Oxley that is making strides in this field, Cryptoloc. Cryptoloc's patent technology ensures that businesses and their customers can interact securely. While most encryption solutions only use one algorithm and two keys, Cryptoloc's patent technology combines three different encryption algorithms into one unique multilevel, multilayer process, and requires three different key pairs located in three separate locations to decrypt protected data. Hailed by Forbes as one of the 20 best cybersecurity start-ups to watch in 2020, Cryptoloc's technologies can be deployed across a wide range of applications, including file storage, document management and counterfeit prevention, and detection solutions to protect businesses and organisations against attacks.

Cybersecurity is only going to become more and more important as our world becomes increasingly digital. Businesses like Cryptoloc are leading the way when it comes to risk mitigation and attack prevention. There is no silver bullet against these attacks. Cybercriminals will continue to evolve their strategies. We need to ensure that we are evolving with them, and that our government is agile enough to face the cybersecurity challenges today and— (Time expired.)