Shadow home affairs minister Karen Andrews has reintroduced the former government’s ransomware bill without significant alterations and criticised the Albanese government for a lack of action on cybersecurity reform.
The private members bill was introduced to Parliament on Monday, just days after a significant data breach at Optus exposed the personal information of 9.8 million customers.
The bill was initially introduced by the Coalition government in February but was not debated before parliament was dissolved in April, ahead of the election. The broader action plan was announced in October 2021 and was welcomed by Labor at the time.
If passed, amendments to three pieces of crime legislation would include the introduction of a maximum imprisonment of 10 years for criminals using ransomware as well as a 25-year maximum imprisonment for those targeting critical infrastructure.
It will also give law enforcement the power to seize cryptocurrency and other digital assets involved in a ransomware incident. The amendments would also ensure the seized assets are “available for action under the Proceeds of Crime Act 2002”.
Digital assets are defined as any “digital representation of value or rights” that are evidenced cryptographically and are stored and transferred electronically through distributed ledger technology or through a similarly “cryptographically verifiable data structure”.
Ms Andrews argued the “ready to go” legislation would not have an impact on the federal budget as it only gives law enforcement agencies additional tools to “pursue and prosecute ransomware gangs and track, freeze, and seizer their illegally and dishonestly acquired gains”.
She also said the Albanese government has failed to take “sensible practical action” despite their claim that the threat of ransomware was urgent while they were in opposition.
“I did not see any mention of ransomware legislation in their first 100 days, and certainly no legislation has been presented in this place. There have been plenty of reviews, summits but where is the sensible practical action?” Ms Andrews said.
“The most sensible thing that they can do today is to put their pride and their ideology aside and support this bill in the national interest.”
She highlighted that Labor did not propose any cybersecurity policies in the lead up to the federal election and described Minister for Home Affairs Clare O’Neil’s appointment as Minister for Cybersecurity as “just symbolism”.
Ms Andrews also stated that the proposed amendments were part of “a suite of reforms” to strengthen cybersecurity and law enforcement capabilities that the previous Coalition government wanted to introduce.
She claimed that “the government has indicated that they are basically tearing up the cybersecurity strategy 2020 which was a $1.67 billion investment over 10 years”.
Deputy Chair of the Parliamentary Joint Committee on Intelligence and Security and Liberal MP Andrew Wallace also spoke in support of the bill. He argued that the Albanese government “essentially agreed to its contents whilst they were in opposition … This is a bill that they should be supporting”.
Mr Wallace also noted cited estimates that the ransomware incidences in Australia cost “as much as $2.59 billion each year”. According to the Australian Cyber Security Centre, nearly 500 ransomware cybercrimes were reported in financial year 2020-21.
A report by Verizon found that the number of ransomware attacks jumped by 13 per cent last year, which was larger than the previous five years combined. Losses to ransomware and malware scams reported to the Australian Competition and Consumer Commission’s Scamwatch in 2021 totalled $1.2 million, which was an increase of 1,482 per cent on the previous year.
Last month, former Telstra chief and chair of the government’s Industry Advisory Committee on Cyber Security, Andy Penn, talked down the need for legislation, despite urging the former government adopt a “clear policy position” last year.
Do you know more? Contact James Riley via Email.