Welcome everybody. It's great to see so many industry leaders here alongside the Government's cyber security advisers. It’s good to be here with my parliamentary colleagues, Gai Brodtman was acknowledged but of course the Minister for Home Affairs, the Minister for Defence, the Minister for Law Enforcement and Cyber Security.
The number one priority for my government and indeed for every government is the safety and security of the nation. In 2016, I committed to improve Australia's cyber resilience and make all Australians safer online. And we're doing that through our landmark Cyber Security Strategy.
Today's opening of the Australian Cyber Security Centre in this custom-built, custom-designed building, with a classified and unclassified section, is designed to enable the Cyber Security Centre to reach out to and engage with the private sector, with industry. Critically important, it’s a milestone in the implementation of our strategy.
It represents our commitment to the online safety of all Australian families and businesses. And it fulfils the core principle of our strategy; genuine government and industry collaboration. By working together, government, law enforcement and industry partners strengthen our nation's cyber resilience right across our economy. It’s critical in a world where new threats are always emerging.
Since the release of the 2016 Cyber Security Strategy, the cyber threat landscape has shifted and evolved dramatically. I want to take this opportunity today to update and inform all Australians on the magnitude of the threat we face and the Government's response.
Criminal networks and malicious foreign actors are using increasingly sophisticated technology to steal our intellectual property and interfere with our institutions. Attempted attacks are occurring every day. Billions of cyber events orchestrated by criminal, and indeed nation state actors are aiming at the very heart of the Australian Government, business and our public life. It is a global threat. Nation states are among the worst and most consistent offenders, persistently targeting Australian institutions across government and business.
Since 2016, ransomware attacks like WannaCry have targeted critical infrastructure systems, including hospitals.
Thirty three Australian universities were targeted by an Iran-based spear-phishing campaign as part of a sophisticated attempt to steal intellectual property and academic research.
Russian-backed hackers successfully infiltrated western political institutions in a bid to influence elections.
And cyber criminals continue to target the bank balances and personal data of some of the most vulnerable members of our community.
Now the impacts of this hostile cyber activity are reported almost daily. Recent estimates suggest the global cost of cybercrime is around $600 billion this year. In Australia, the estimated cost to business and individuals is $7 billion.
At the same time there has been a rapid growth in the number of connected devices in our homes and businesses.
As I said when I launched our Cyber Strategy two years ago, the Internet is the most transformative piece of infrastructure ever created. It has changed the world, it has changed history and indeed, it's changed us. You only have to walk down a street and see people glued to their smartphone and you can see that everyone is becoming part machine because of the ubiquitous nature of the Internet. It’s transformed the way we learn, it’s transformed the way we remember and it also raises the question of how will we forget?
The average Australian household now has over 17 devices connected to the Internet and download volume has increased by around 43 percent between 2016 and 2017.
Now, at its genesis the internet was built as an open system and security was very much an afterthought.
The challenge we face is this; the same qualities that enable us to freely harness cyber space for our prosperity, education and commerce, can also provide an avenue for those who wish to do us harm.
The Internet of Things - this is where every device is connected to the Internet, where so much of our lives will be determined and protected by sensors – this Internet of Things has the potential to bring enormous economic opportunity. But it also means that cyber criminals have more ways to attack us where we are most vulnerable. Those vulnerabilities are compounded by a lack of cyber awareness across a range of industries and even government agencies, on the importance of implementing basic cyber-hygiene practices.
Things have improved somewhat, but I remember when we founded Ozemail many years ago, which was the first probably, or the first big Internet service provider in Australia, and we constantly tried to remind our customers of the importance of security. You’d be amazed how many people’s passwords were “password”, or “computer” or “Internet”.
Some of the more sophisticated ones nominated their dog’s names. Dogs have very common names.
It’s amazing how many devices connected to the Internet have a username of “admin” and a password of “0000”. In other words, the default has not been changed. So there's a lot of really basic hygiene and I want to acknowledge the Australian Signals Directorate and the great work they’ve done, together with the Cyber Security Centre, in really reminding people of very basic things they can do to make their systems safer.
Now all of this, increasing cyber attacks, has the hallmarks of, you could say, a perfect cyber storm. But we must not and will not wait for a catastrophic cyber incident before we act to prevent future attacks.
The warnings from our agencies on the threat are very stark. We have to strengthen our defences. We must strengthen our cooperation, which is why we're all here today. We can and we do successfully repel many of the phishing, malware and denial of service attacks against government and business. But we don't stop them all.
Our investment here today is a signal of our intent. There is no room for ‘set and forget’ when it comes to our national security. And as the threats evolve, so must our response.
One successful cyber attack is one too many. We have to present a strong and united forward defence and malicious cyber criminals and foreign actors, states, foreign states, must know that there will be consequences for targeting Australia. They should think again.
We will always work with our allies and partners to shine a light on malicious activities and call them out publicly. We will always deliver the reform and the investment required to ensure that our agencies are working in lockstep with business and the community.
Now we've already established the Department of Home Affairs to strengthen our domestic national security.
We passed legislation to make the Australian Signals Directorate an independent agency.
We've launched the joint Cyber Security Centres in Sydney, Melbourne, Brisbane and Perth to protect critical infrastructure against malicious cyber activity.
And this dedicated Cyber Security Centre will lead and coordinate responses to serious cyber incidents.
Just two nights ago at 3:00am, we saw a great example of the centre's ability to deliver early warning at speed. The team received information about a risk to computer chips manufactured by Intel, the world’s largest chip manufacturer. A new rapid response capability swung into action, providing organisations with the information they needed to prevent their systems being compromised. Within ten minutes the Australian Cyber Security Centre had notified government agencies and critical infrastructure providers around the country. Indeed, this type of rapid response is a regular occurrence for this ACSC.
Since I put in place the National Cyber Security Strategy the ACSC has responded to over 14,000 incidents at a rate of more than 16 a day. So the new centre here brings together our Government’s operational cyber security capabilities in one location, to share threat information and expertise to combat expanding cyber security threats.
The ACSC will also develop a new digital platform - cyber.gov.au - giving Australians a coordinated end-to-end advice reporting and response capability. This trusted source of cyber security will be more interactive than current sites, particularly when lodging reports of an incident or a scam.
Cyber.gov.au will consolidate existing incident reporting mechanisms for businesses and individuals and provide actionable intelligence for responders. The Centre will be constantly alert, monitoring the online environment as we were just shown, 24 hours a day. Critically for the first time, our intelligence and law enforcement agencies will be co-located with industry partners in this shared state of the art facility.
My vision for this Centre is to see programmers, cyber analysts, business advisors, policy officials from states and territories working side by side towards a common goal; cyber resilience across the country. The Centre will help us to collaborate and find joint solutions to the most complex cyber security challenges now and into the future.
Gone are the days of information silos, ignoring threats and withholding news of system compromises from the people it affects.
We - and by that I mean government and industry - have a shared responsibility to build resilience, transparency and trust into our online systems. We have to work together if we’re to shift the dial against malicious cyber activity towards zero, or to at least become resilient to them.
So I want to commend those organisations which are already committed to this shared responsibility particularly through the Notifiable Data Breach Scheme. Since the Scheme began in February, we've received over 300 data breach notifications with more than half of those breaches resulting from malicious or criminal cyber activity. The scheme encourages a stronger standard of personal information security in Australia, which is a cornerstone of trust in our online systems.
Trust in the systems that underpin our digital economy are the key to future innovation. So this new facility will drive cyber resilience - absolutely critical - so that we can realise all of the promise of prosperity and opportunity in the digital age.
The cyber sphere cannot be a lawless zone. The rule of law must apply there, as it does offline. We must ensure that we use all of our ingenuity, all of our innovation, all of our ability to collaborate with others to ensure that we keep Australians safe online and this Centre is a very bold step towards achieving that goal.
Thank you very much.