Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Australia's national security - does business have a role: WA Chamber of Commerce and Industry, East Perth.



Download PDFDownload PDF

Attorney-General The Hon Daryl Williams AM QC

Australia's National Security - Does Business Have a Role

WA Chamber of Commerce and Industry Level 4, 180 Hay Street, East Perth, 1.15pm, Friday, 6 December, 2002

Introduction

1. The protection of our national security is vitally important to all Australians. And all Australians must play their part to help keep Australia safe and secure. The Howard Government has taken strong action to protect the community against terrorism and will continue to do everything it can to prevent harm coming to Australians and Australian interests.

2. But it is not up to governments alone- every Australian can do their bit to help. We are in the process of developing a public information campaign to demonstrate how every person can help to keep Australia safe and secure.

And it is important to remember that business also has a significant role to play.

War Against Terrorism

3. The terrorist attacks of September 11 permanently changed the world security environment. And the Bali bombings in October brought home to us the reality of the terrorist threat in the most horrific way.

4. Just a few weeks ago, the Government received credible information of a possible terrorist attack in Australia at some time over the next couple of months. The information was non-specific as to location and non-specific as to time. But I can tell you that security has been significantly upgraded and it is being reviewed on a daily basis.

5. We have made this information public and we have asked members of the community to be vigilant - both in terms of their

personal safety and any suspicious activity that should be reported to police. The message is a simple one -we should not let terrorists disrupt our way of life, but we should be alert.

Australia's Stance Against Terrorism

6. Terrorism - and even the threat of terrorism - is an evil thing. It seeks to destroy the basic liberties, values and freedoms that are shared by all fair-minded people throughout the world.

7. Australia has made it clear that we will not give in to terrorism. We will not be bullied into silence by terrorist threats. And we will not be cowed into submission.

8. As a nation, we must realise that standing up to terrorism and standing up for what we believe in can carry certain risks. We now live in a far more dangerous and volatile world environment. Unfortunately, the threat of a terrorist attack on our shores has increased.

9. But I make no apologies for the stance the Government has taken. The alternative was to sit back, to be silent, to put our head in the sand and hope that the problem would go away. This was never an option. It is neither practical or responsible. And events around the world have shown that it does nothing to deter terrorists intent on destroying the freedoms and liberties that underpin democratic society.

10. Australia has done the right thing by standing up to terrorism. We have done the right thing by pledging our support to the United States and our allies. We have done the right thing by putting in place measures to protect the community. And we have done the right thing, by acting calmly and rationally, in giving our security and law enforcement agencies the tools they need to identify and punish terrorists and prevent terrorist activity wherever possible.

11. But governments can only do so much. Terrorism needs to be fought on many fronts. The support, advice, expertise and resourcefulness of the entire Australian community is needed if we are to fully protect and preserve our national security. The business community has a very real and important role to play in keeping Australia safe and secure.

Nature of the War Against Terrorism

12. The first thing to realise about the war against terrorism is that it is not a not a traditional war.

13. Terrorists are not a conventional military force and the fight against them is not carried out in a conventional or defined war

zone. Terrorists are an unseen enemy. They can strike anywhere and at any time. In many cases they have quite purposely targeted their attacks to disrupt economic activity and to undermine global economic confidence.

14. These attempts to challenge and destabilise our economic infrastructure pose an enormous threat to business and to national prosperity. If our economy is to reach its full potential, if we are to reap the rewards of economic growth, and if we are to continue to prosper as an innovative dynamic and resourceful nation, we must protect our critical economic infrastructure from attack. Critical infrastructure is a term used to cover both the physical and information economic infrastructure. In both these areas the cooperation and input of the business sector is vital.

Ownership and Responsibility for Protection of the Critical Infrastructure

15. The great challenge we face in protecting our critical infrastructure comes from the fact that the vast majority of it is privately owned or managed by State or local Governments.

16. To protect our physical infrastructure, such as our energy and transport sector, and to protect our information infrastructure, such as telecommunications and banking, cooperation is needed between a range of players.

17. For a variety of reasons, this cooperation can be difficult to achieve. Businesses are wary of sharing information with their competitors. And there is often a concern that commercially sensitive information may be accessed by other companies. I am aware of these concerns and I understand the importance of the privacy and confidentiality issues that need to be taken into consideration. But I also know that the Australian business community shares a collective resolve to fight terrorism.

Everyone in the business community has a vested interest in the overall protection of our critical infrastructure and the smooth functioning of the economy.

18. The issues associated with cooperation need to be looked at and overcome. I have asked my Department to ensure that any legal impediment to sharing information on security issues is identified and addressed. But, ultimately, it is up to business to provide the leadership and mutual goodwill that is needed to work together for the national good.

Business Government Task Force Critical Infrastructure

19. To work through the issues associated with infrastructure protection, the Government has established the Business-Government Task Force on Critical Infrastructure.

20. The Task Force met in Sydney in March. It brought together owners and operators of critical infrastructure from the business community, and representatives from the States and Territories and from Commonwealth agencies. It provided a forum for the owners and operators of critical infrastructure to examine the issues associated with protecting their interests.

21. At the end of the meeting a number of key security issues were identified:

o It was agreed that a trusted information-sharing network was needed to improve the strategic security response. And governments were asked to review information-sharing legislation to remove impediments and to address business concerns about confidentiality issues.

o There was consensus that a model of critical infrastructure assurance needed to be developed.

o And the Task Force resolved to identify ways to encourage investment in critical infrastructure security.

22. I am pleased to be able to tell you that all of these resolutions have been taken into account and many of them have already been acted upon.

23. The Government is serious about hearing the views of business. And we are serious about working with business to do everything possible to keep our critical infrastructure safe from attack.

24. The Government recently announced its response to the Task Force's recommendations. This includes the establishment of a Critical Infrastructure Advisory Council. The CIAC will report directly to me and will feed into Australia's counter-terrorism arrangements.

25. The Council will oversee the development of a new information sharing network or 'one stop shop' on critical infrastructure protection. This network will involve the Commonwealth, State and Territory Governments; State/Territory Police, and owners, operators of critical infrastructure and other key players. It will provide a much needed means for high-level communication between industry and government on security issues. Business will be represented by the banking and finance sectors - including the insurance industry; the emergency management, transport and

distribution sectors; by the energy and telecommunications sectors; and by the various utilities. Other industry sectors will be added over time as the network matures.

26. As well as working on economy-wide strategies, each sector will establish its own advisory group. These sector specific groups will give business leaders the opportunity to share their security experiences, to learn from their colleagues and to advise government on issues of particular concern.

27. In addition, the National Counter-Terrorism Committee is to report to the Council of Australian Governments today on counter-terrorism issues, including the protection of critical infrastructure. It is anticipated that COAG will consider a structured program for integrating security arrangements between the private sector, Commonwealth and the States and Territories.

Potential for Attack on Physical Infrastructure - Vigilance and Calm

28. Quite understandably, it is the threat of a violent attack on our physical economic infrastructure that attracts the most attention and generates the most concern among business and in the general community.

29. I want to repeat the message you have been hearing over the last few weeks. We must be vigilant. We must be alert to suspicious activity. And we must take sensible precautions to ensure that our businesses and our utilities are as safe as they can be.

30. As business managers you play a key role in ensuring the physical security of your operations. And this contributes to our overall national security.

31. As always, the State governments and emergency services will be the first responders to any threat to our physical infrastructure. And it is the State police who should be contacted if anybody comes across anything suspicious.

National Information Infrastructure

32. Closely related to the protection of our physical infrastructure is the protection of the national information infrastructure. The NII is the mass of information and computer systems that underpin our day-to-day activities.

33. Virtually every sector of our economy relies on information technology to function efficiently. Essential services such as banking and finance, transport and distribution,

telecommunications, energy and utilities, and emergency services would all be severely disrupted if their computer systems were compromised in any way.

34. The simple fact is that, our modern economy is becoming increasingly dependent on information technologies. The technological revolution has radically changed the way we do business, the way we produce goods and the way we deliver services.

35. These new technologies have many benefits, but they have also opened up new opportunities for criminal and terrorist activities. This poses new risks for national security.

36. Like physical attacks, cyber-attacks can take many forms and the consequences can be just as serious. Viruses, worms, and denial-of-service attacks all have the potential to wreak havoc across the entire economy.

37. Only a few weeks ago, the 13 root servers which are the backbone of the Internet were subjected to a short but intense distributed denial of service - a so-called D-DOS attack. This attack

brought down eight root servers and no-one yet knows who was behind it. It could have been a terrorist group, but it could just as easily have been a rogue 'hacker'. A teenager with minimal skills, a so-called 'script kiddie', can unleash viruses and worms and hack into systems with devastating results.

38. The NII can also be damaged by accident. It could be a disaster, such as the Longford gas explosion in Melbourne. Or it could be an inconvenience - say a backhoe cutting a cable and taking out telecommunications for a few hours.

39. I am pleased to say that, to date, there has only been one confirmed incident of sabotage to critical infrastructure by a computer. I am not so pleased to say that this incident happened in Australia. A disgruntled former contractor in Queensland

manipulated the computer management systems to interfere with the Maroochydore sewerage system.

40. This was - if you like - a civilian attack. We can not discount the possibility of terrorist attack on the NII.

Interdependencies - Management Responsibility to Protect the NII

41. No information or computer system exists in isolation. They are all underpinned by wider telecommunications systems and they all rely on electricity. A problem in one area can have a cascading effect across the economy.

42. As business managers, you have a direct responsibility to protect your firm's information infrastructure from attack. And as leaders of industry you have a broader responsibility to protect the Australian economy from being disrupted.

43. It is imperative that your organisation has adequate security in place to protect your valuable data. And it is imperative that the contracts you have with outsourcers and business partners adequately cover e-security issues.

44. You need to be aware of the risks to your businesses' critical assets. You need to manage these risks. And you need to adopt a holistic approach while understanding the vulnerabilities you inherit from your strategic relationships.

Early Warning Systems

45. We need to develop alert schemes to help to protect ourselves and our economy from the impact of terrorist strike. Such schemes are designed to warn businesses about potential vulnerabilities and attacks so that they can take steps to address the threats and take precautionary measures.

46. The Government is committed to the development of an alerts scheme and I believe it is something that industry supports and wants. My Department is now in the final stages of negotiations with the Australian Computer Emergency Response Team (AusCERT) to provide a scheme which will give subscribers early warning of potential vulnerabilities and attacks.

47. This scheme will be particularly attractive to small to medium sized businesses as it will be at no cost. In conjunction with the alerts scheme, there will be a complementary reporting scheme, so subscribers will be able to provide information to AusCERT. This information can be used to determine whether incidents are isolated or form part of a trend or reveal a widespread vulnerability.

48. I look forward to the scheme being up and running as soon as possible.

Government Initiatives

49. Providing a sound legal and regulatory environment to protect the NII and to combat cyber-crime and cyber-terrorism is the responsibility of the Commonwealth Government. And it is an area where we have acted decisively.

50. Business has a responsibility to protect and secure its information. But to do this effectively, Governments must have the appropriate laws and legal protections in place.

51. New laws are needed to cover new crimes. And the Commonwealth has acted to ensure the law is up to date.

52. Last year Parliament enacted legislation aimed at combating cybercrime. The new offences and law enforcement powers contained in the Cybercrime Act 2001 demonstrate the Government's commitment to protecting the NII from criminal and terrorist activity.

53. This Act gives federal law enforcement agencies the authority to investigate and prosecute groups who use computer networks to plan and launch cyber attacks.

54. Terrorists that attack or disrupt computer services and communication face a maximum penalty of 10 years' imprisonment.

55. A person using the Internet to hack into computer data with the intention of committing sabotage faces up to 15 years in prison.

56. And our police have been given new electronic investigation powers. Law enforcement officers can now compel someone with knowledge of a computer system to provide the key to encrypted data. The Act also allows for police to be given clear authority to search for evidence on computer networks extending across different locations.

International Relations

57. Australia is also acting at an international level to protect the NII. Because of the borderless nature of cyberspace, international relations are crucial to Australia's e-security policy.

58. Australia is playing a significant role in international developments in NII protection. Within the OECD, Australia chairs the Working Party on Information Security and Privacy, which developed the new OECD Guidelines for the Security of Information Systems and Networks released earlier this year. In the Asia-Pacific region, Australia has been active in APEC's Telcommunications and Information Working Group - APEC TEL. We are currently sponsoring a proposal to strengthen existing protocols and to encourage the setting up of new computer emergency response teams - CERTs - throughout the region. Australia is hosting an international conference on CERTs in Kuala Lumpur in March next year in association with the next APEC TEL conference.

59. Australia has also been holding bilateral and multilateral talks with the United States, Canada, New Zealand and the United Kingdom, on critical infrastructure protection. A large delegation from both government and industry took part in successful talks in Washington in June.

Conclusion

60. My message to you today is simple.

61. The protection of our national security, the protection of our physical infrastructure and the protection of our information infrastructure, is now more important than at any other time in our history.

62. There are rogue forces seeking to erode our sovereignty, to undermine our economy and to bring down our democratic traditions and institutions. We cannot let these forces succeed. We must confront them whenever they threaten us. And we must be vigilant against their aggression.

63. We can't change the fact that the world has been subject to a number of horrific terrorist attacks over recent years. Our job now is to protect the future. To do this we must put in place measures

to respond to the new level of threat and we must protect ourselves from any possible attack.

64. For business this means securing your own physical and information infrastructures. It means cooperating with other businesses to identify common problems, issues and areas for action. And it means keeping an open and constructive dialogue with government to make known your concerns and to receive meaningful and practical responses.

65. National security is everyone's responsibility. The Howard Government is absolutely committed to working with you to protect your businesses, to protect the economy and to keep Australia a prosperous and vibrant nation.