Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
 Download Current HansardDownload Current Hansard    View Or Save XMLView/Save XML

Previous Fragment    Next Fragment
Tuesday, 22 October 2002
Page: 5580


Senator LUNDY (2:15 PM) —My question is to Senator Alston, the Minister for Communications, Information Technology and the Arts. Does the government agree that, with the heightened terrorist threat posed to Australia, there is a greater need to concentrate on the security of electronically held information and the protection of national information infrastructure? If so, what has the government's E-Security Coordination Group and the National Office for the Information Economy done in response to the most recent report on Internet security by the Australian National Audit Office, which found that the government's level of Internet security is insufficient? Given that the Australian reported on 27 August that 57 per cent of medium and large Australian companies spend less than $30,000 annually on e-security, why isn't the government leading by example and implementing policies to encourage greater emphasis on this issue?


Senator ALSTON (Minister for Communications, Information Technology and the Arts) —I am sorry that Senator Lundy was not here at the time of the last budget, because if she had been she would be aware that the Attorney-General, the Minister for Defence and I jointly announced an allocation of $24.9 million over four years for a strategy to protect Australia's critical infrastructures and to increase public confidence in the security of online transactions. That allocation goes to the National Office for the Information Economy, the Attorney-General's Department, the Australian Security Intelligence Organisation, the Defence Signals Directorate and the Australian Federal Police.


Senator Faulkner —You're not answering the question.


Senator ALSTON —I have been asked what the government is doing about it, whether there is a greater need to provide coordination and what the response has been from the E-Security Coordination Group and NOIE, and I have just been in the process of explaining that. Senator Faulkner, you were obviously not here at the time of the last budget either. So, instead of boycotting very important functions of the parliament, you might spend a bit more time in your office going through these issues.


The PRESIDENT —Minister, I ask you to direct your answer through the chair and not to respond to interjections.


Senator ALSTON —I was sorely provoked, Mr President. The government is working to create a secure and trusted environment, through its own strategies to assist Commonwealth government agencies to improve their resilience to electronic security attacks and through the work of the business-government task force on critical infrastructure. The government has created a new working group focused on creating a culture of security across agencies. The working group will report directly to the E-Security Coordination Group and is developing a work program designed to assist agencies to become more secure by employing relevant security tools and strategies.

On 11 September, the working group ran a seminar which addressed e-security in the Commonwealth government context and was attended by representatives of 62 government agencies. The workshop was held to assist agencies in their compliance with the ANAO's best practice guidelines for online security. These guidelines and the associated checklist are based on the Protective Security Manual and the Australian communications electronic security instructions. The business-government task force on critical infrastructure protection—consisting of the CEOs of some of Australia's major infrastructure owners, senior officers from companies and representatives of state and federal governments—met recently, and again the main object of the meeting was to obtain business input into the assessment of current arrangements. A number of very important issues have been addressed by the task force, and the full report and recommendations have been presented to the government for consideration. I think it is fair to say that we certainly cannot overestimate the importance of these issues. Clearly, all government agencies are expected to continually review and, if necessary, upgrade their protective arrangements. But, in terms of a whole-of-government approach, in that budget decision and the flow-on, we have ensured that there is the maximum degree of coordination and, obviously, ongoing attention to these important issues.


Senator LUNDY —Mr President, I have a supplementary question. Given that e-security has been of specific concern in the US government since at least as early as 1998, why has this government chosen to risk vital sections of Australia's economy and infrastructure by waiting so long to address this important issue? I am glad the minister mentioned the budget. How can this government claim that $24.2 million provided in the budget for the protection of our national information infrastructure—or a mere 32c per man, woman and child in Australia—will be sufficient to protect these sectors, when the United States government is spending around $A28 per head of population? How can the government justify leaving the protection of critical national information infrastructure to a self-regulatory regime implemented haphazardly by private interests?


Senator ALSTON (Minister for Communications, Information Technology and the Arts) —I know it does not suit Senator Lundy's agenda, but the reality is that the private sector has an important role to play. But, ultimately, government has to take its own decisions in relation to its own security arrangements, based on the best advice that we get from all the specialist agencies. We are in the process of coordinating that as well as taking advice from the task force. The amount you spend depends on the level of need. I am sure you know that, but obviously it suits your purposes to ask silly questions suggesting that somehow the Americans are spending more money than we are and that therefore we should be spending as much as they are, presumably pro rata, without any regard to the level of need. Anyone who has been to the US would know that they have massive needs and they probably regard themselves as a very high risk target. I have had discussions with them about these issues. In fact, they will tell you that something like 70 per cent of IT hacking occurs from inside the firm. (Time expired)