House of representatives canberra, act wednesday 2 june 2021

Department of Defence

I thank the Member for Clark and the Member for Kennedy for moving this motion.

I well know their keen interest in this matter – and it is an interest that I share.

It is an interest that many Australians share.

Members may recall I made comments on this matter some years ago as a backbencher and these are views that I still hold.

Australians’ digital sovereignty is near and dear to my heart as it is the members behind me on this side of the Chamber as well.

Now it goes without saying Deputy Speaker, the use of mission data is critical to the successful conduct of Defence operations, both in war and in peace.

The way we manage our data security, our data management, is central to our ongoing relationship of trust with the Australian people – Which is why the Global Switch Ultimo data centre has been such a lightning rod in the public square.

I can assure the Members for Clark and Kennedy that Defence has migrated its most sensitive data to a purpose-built data centre.

Consistent with the whole-of-government hosting strategy, Defence data migrations of sensitive ICT data and assets was completed ahead of schedule and under budget prior to the expiration of the original Global Switch Ultimo lease in September 2020.

In fact Deputy Speaker, the most sensitive Defence data was removed from GSU in May 2020.

Defence is progressing work to migrate less sensitive and unclassified data assets to an alternative data centre, through a rigorous risk-based approach to ensure there is no adverse impact to Defence operations.

Additionally, Defence has comprehensive security controls in place at GSU to protect against compromise by a foreign power or other malicious actors.

I reiterate to the members, and for the benefit of the House: control and access to the data stored at GSU remains under the full control of the Australian Government.

The facility was designed with multiple layers of physical and cyber security controls.

Physical security arrangements are accredited by relevant government agencies and include 24/7 security presence, closed-circuit television monitoring, sensors and alarms.

The Defence Security Operations Centre provides 24/7 cyber security protection. A secure gateway provides further assurance to prevent unauthorised access – and in combination, these measures represent the highest level of security assurance.

Indeed, this is something I have repeatedly pressed to my Department.

Ronald Reagan – back in the ’80’s – made famous the Russian proverb, “trust but verify.”

Member for Kennedy, Member for Clark, I don’t just take the department official’s word as gospel, my eagle eye will be on this issue going forward and I will be seeking additional updates as I did last week because my concern is no different than yours.

I know the Minister for Defence is also keenly aware of this issue and we will both be monitoring this process carefully to ensure it happens as quickly as possible.

Again, the strength of our foreign investment rules and the fact that Defence retains full control of its GSU data provides the highest level of assurance as we complete the migration of the remaining Defence information.

The fact remains: consistent with the Whole-Of-Government Hosting Strategy, Defence has migrated all sensitive ICT assets from the Global Switch Ultimo data centre prior to the expiration of the original GSU lease last year.

Member for Clark, Member for Kennedy, had I been a decision maker many years ago this would never have happened, but I’m here now and we’re working through this problem.

Debate on this motion is a good place to make a few points on the importance that I place on Defence becoming a more data-informed organisation.

In the years ahead, data – and the management of data – will be critical to our nation’s security.

I have always been of the view that Defence needs to adopt a disciplined approach to how information is collected, stored, analysed and, most importantly, how data is distributed across the force.

A Defence Data Strategy is well in the planning to guide data management and improve data literacy. This is critical to Defence becoming a more mission-focussed organisation.

Data is critical. This is clear from the 2020 Defence Strategic Update, and the Defence Transformation Strategy – I’m sure, documents we have all read.

The Defence Transformation Strategy provides the vision and framework for the long-term, enterprise-wide transformation. This will enable Defence’s capacity to adapt as our strategic circumstances change.

And on page 36 the Strategy makes clear: “in developing the Defence Transformation Strategy, senior leaders emphasised that our Defence culture must recognise the criticality of data to everything that we do, and adopt a far more disciplined and deliberate approach to how information is collected, stored, analysed and applied in decision making processes.”

But at a more local level, there are things that all Australian can do to ensure we are strengthening our digital sovereignty.

We live in a data-rich world. This is a new reality for many Australians.

The internet is now the neural system of our lives and over the pandemic we have migrated much of our lives online – a whole host of services from news, to work, to social media. It is also important to our economy, and it’s the lifeblood of our democratic society.

Whilst our lives online presents many opportunities, it also presents threats and challenges.

Just as government organisations need to take data and cyber security seriously, Australians, too, can do their bit Deputy Speaker.

Many members would remember last year on July 1 the Prime Minister at the Australian Defence Force Academy, where he launched the Defence Strategic Update.

The strategic headwinds are blowing hard and we are straddling vast change in the Indo-Pacific region where we’re seeing greater geostrategic competition between nation states, we’re seeing militaries modernise, and we’re seeing the use of grey zone tactics to coerce states below the threshold of conventional warfare.

Cyber warfare and espionage are grey zone tactics used by nation states to undermine their competitor’s sovereignty and also to break apart habits of cooperation in the Indo-Pacific region.

Cyber is a new battlefield.

And whether we like it or not, we are all joined in an online contest to preserve our personal security but also our digital sovereignty as a country.

And we cannot be complacent.

I know the Government is not complacent.

Defence is not complacent.

No government has done more to strengthen the foreign investment rules in protecting our national sovereignty than this one.

I know the Member for Kennedy, and the Member for Clark won’t be completely satisfied, but this is a work in progress and we’ve done a lot over the last seven years.

No government has done more to strengthen our national security than this one.

And being the Chair of the Parliamentary Joint Committee on Intelligence and Security over the last four years, I’ve seen the body of legislation that has passed through that committee and into law from both Houses of this parliament.

We take these issues very seriously Deputy Speaker – and we are getting on with the job of ensuring that our critical data is safe, and under control.

I thank the Member for Kennedy and the Member for Clark for this motion and as always my office doors is open to you both, and anyone else who would like further information on this issue.

Thank you Deputy Speaker.

/Public Release. This material comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.