Topics: Launch of Australia’s National Plan to Combat Cybercrime, opening of new AFP Cybercrime Centre, ongoing work of the Morrison Government to strengthen Australia’s cybersecurity resilience.
JUSTINE GOUGH: I would like to welcome you all and welcome especially the Hon Karen Andrews MP, the Minister for Home Affairs. Welcome also to Commissioner Reece Kershaw APM and to all who are present here this morning. I would like to show my respect and acknowledge the Gadigal of the Eora nation, the traditional owners of the custodians on this land, and pay my respect to elders, past, present and emerging. I would also like to extend that respect to Aboriginal and Torres Strait Islander people present today. I’d now like to invite the Hon Karen Andrews MP, the Minister for Home Affairs, to say a few words. Welcome, Minister.
KAREN ANDREWS: Well, thank you very much for that introduction. It is an absolute pleasure to be here today. Cybercrime is a very significant issue that the Morrison Government has been tackling for quite some time now. Our support for the Australian Federal Police has been demonstrated through our commitment to the equivalent of $1.7 billion in funding. So, we are making sure that the Australian Federal Police is in the best possible position to ensure that they are well and truly prepared to fight cybercrime. A couple of years ago, in 2020, the Morrison Government released its Cyber Security Strategy. Cybercrime was a key part of that. Since that time, as the Government, we have been working very closely with our law enforcement agencies, such as the Australian Federal Police, but also with other agencies across the government, to ensure that we are rolling out the strategy and – particularly – focusing on cybercrime. So, today I’m here to launch the National Plan to Combat Cybercrime. It was endorsed late last week by my counterparts across Australia, so the Police Ministers from States and Territories around Australia. That plan to fight cybercrime is now available on the Home Affairs website. What it does is set out the government’s strategy to deal with cybercrime, to support our industries, to be able to grow online, to build wider confidence in the digital economy and to ensure that there are safer online spaces for our children. So, what it does is set the scene for the continued rollout of our Cyber Security Strategy, of which a key part is cybercrime. So, I’m delighted to be able to but here today for the launch of this facility. It is a very significant facility. This is where we’ll see the Australian Federal Police leading on cybercrime here in Australia, working with other State and Territory police forces, working with industry, importantly, to make sure that Australians are protected from cybercrime. As a government, we have made a number of significant advances with our legislation to provide the Australian Federal Police with the tools that they need to combat cybercrime. And I will invite the Police Commissioner, Reece Kershaw, to speak in more detail about the effects of the legislation that has been passed by the Federal Government. But effectively, we have provided the police force with the powers that they need to really track down the cybercriminals and to take the action that is needed. We’ve worked with the United States on the CLOUD Act to make sure that there is access to the information and the data that the AFP needs to in a very timely manner. So, what we have today is a further rollout of the great initiatives that have been put in place by the Federal Government working very closely with our law enforcement agencies and also with agency to deliver. So, I’ll invite Commissioner Reece Kershaw.
REECE KERSHAW: Good morning, Minister, and thank you for your kind words and your support and in particular to be here today to open the national – sorry, the Joint Cybercrime Coordination Centre; and also, for the launch of the National Plan to Combat Cybercrime. The crimes in the twenty‑first century are increasing now cyber‑based. We are seeing cybercriminals often tens of thousands of kilometres away taking money out of Australians’ wallets and nest eggs, holding businesses to ransom and stealing intellectual property from academia. Australia is facing an escalating cybercrime threat with a significant cost to individuals over the past few years, and over the 2021 financial year, Report Cyber received over 67,500 reports; and that is more than 180 per day – up nearly 13 per cent from the previous year. I also suggest that we are also underreported in this area. It’s been estimated that in 2019, cybercrime cost the Australian community about $3.5 billion. And, unfortunately, risk from cyber threats will only increase with the ongoing development of technologies, such as artificial intelligence and 5G communication networks. This is the new frontier of crime and the AFP – Australian Federal Police – is committed to working our partners both here, domestically and overseas to ensure the long arm of the AFP reaches criminals no matter where they are in the world. The National Plan to Combat Cybercrime and the JPC3 as it’s known is a key part of this commitment. The JPC3 gives us a real-world place where the AFP, “state and territory police”, banks and communication providers and industry experts and academics can get together, stand up and investigational tasks and develop actionable intelligence to counter cybercrime threats. A key focus of this centre will be financially motivated cybercrimes that impact individuals or small to medium enterprises where the offender is in a different jurisdiction to the victim, often overseas, and where the amounts of each individual crime are not classed as a large‑scale fraud. So, the centre has been developed to make collaboration between law enforcement – you’ve seen the catch cry of “combatting cybercrime through collaboration” – through law enforcement, industry and Government as seamless as possible. It also has a focus on further enabling and supporting the disruption of cyber criminals overseas through the AFP’s existing relationships. The centre will complement existing roles of Australian policing agencies, the Australian Cyber Security Centre and other current and future bodies by providing the platform to connect those stakeholders together. The Prevention and Community Outreach Arm, which is based over here in this building, of JPC3 will engage with victims of cybercrime through prevention, education, awareness, and raising that through media activities as well. Prevention and education for us remains an effective way to mitigate the threats of cybercrime. And we have found from other crime types, like organised crime and terrorism, that bringing together our partners with all of us in one location to tackle these crimes leads to better outcomes. That’s the whole point of why we’re here today. We want to identify those threats in the cyber realm, make it harder for criminals to do their business, bring the full weight of law enforcement on them and deliver better outcomes for Australians targeted by these people. Thank you.
JOURNALIST: I have a question. Reece Kershaw, obviously Australia suffers [Indistinct] along with the rest of the world [Indistinct] Russia invaded Ukraine and the obvious concerns about the possible retaliation of cybercrime, which Russia has engaged in in the past. Have there been any such attacks detected or thwarted in the past month or so since they invaded?
REECE KERSHAW: Look, we have not seen that as of yet. We work closely – we’re embedded with the Cyber Security Centre. Their primary role is around cybersecurity and protecting Australia’s infrastructure in those areas. For us, from an intelligence basis, we haven’t seen that, from a criminal aspect. However, we’re ready for that – to be able to respond to that, and we do know that a lot of the ransom aware type services that we’ve seen where businesses are also compromised, and individuals, comes from that part of the world, whether it be Eastern Europe or Russia.
JOURNALIST: Not necessarily state-sanctioned but individuals of organised crime?
REECE KERSHAW: Definitely. You know, and for us we are still working with various agencies, whether it’s Interpol, Europol, our equivalents, throughout the globe to try to attack these individuals down. Even my recent trip to the US highlighted that, unfortunately, none of us are immune from this and our Five Eyes partners and also our partners in Asia are experiencing the same issues when it comes to cybercrime.
JOURNALIST: Does it provide more technical capabilities or is it more of a strategic thing to have the operation under the one roof – better for communications and better for strategy to coordinate?
REECE KERSHAW: Yeah, it’s a best practice model that has worked across the globe and, as I said, working in partnership and collaboration with industry I think is key – academia, other Government agencies, whether they be state or federal. I think all of us need to get into the fight and understand it at a deeper level. As you can, it’s increasing, which means it’s a real concern for us. I also suspect that the community are not reporting a lot of these crimes because, unfortunately, on cybercrime, sometimes the experience with reporting cybercrime can be shameful or people are embarrassed that they’ve lost their funds or their superannuation or they’ve been ripped off through a ransom scheme. So, we are really encouraging people to report that to States and Territories and to the AFP and through Report Cyber to build that confidence in the system.
JOURNALIST: So, this encourages individuals to report directly to you and you can act on that or how does it work?
REECE KERSHAW: It will still but through Report Cyber. That’s the best way because that’s open 24 hours. You’ve also got your option of your 131 444s. You’ve got other means to contact State and Territory Police as well to report those crimes and all of those get centralised through Report Cyber. So, part of this centre will be encouraging confidence in the system for people to report and where do you report that, and also how do we actually map out the experience of victims strategically to make sure we are delivering the right services and people are aware of what they can and can’t do online, but also how to report cybercrimes.
JOURNALIST: What elevates the status of an investigation to this building? What bar has to be met?
REECE KERSHAW: Well, here’s what we’re going to do: we’re going to look at everything. This is unique. We – in policing sort of terminology we call it high-volume crime. We’re not going to put a dollar figure on it because it is about fact that it’s a serious offence that these people are committing, so, for us, we will be looking at everything.
JOURNALIST: I was going to ask the Minister as well. How do you know that you are getting this national plan, right?
KAREN ANDREWS: Well, we have every confidence that we’ve gone through the process of consultation. I’ve spoken to my State and Territory colleagues. We’ve worked very closely with Reece Kershaw and his team at the Australian Federal Police. It is a plan that really has been based on that level of consultation. Now, I’m not going to stand here and say that it will never change over time, because all of the best plans always have a level of flexibility to be able to respond to what may happen during the rollout. If I take on the question that was raised in relation to Russia and potential attacks on our Australian networks here, what I can say is that a lot of the work that’s been done to protect Australia was being done way before Russia invaded Ukraine. So, work was already in place to protect our networks here. Legislation was before the Parliament to support and protect our critical infrastructure. Those steps have been in process for some time. That puts us in the good position that we are in now, to be able to protect our critical infrastructure, to make sure that we are working towards protecting individuals, families and businesses against cybercrime because we know that is going to be such a significant issue for many of us in the coming weeks, months and years. So, in terms of the plan that has been developed – it’s based on strong consultation, but it enables a level of flexibility that so on that we can adjust, we can modify it over time so that as we obtain more information – and that could come from facilities such as this and the work that the Australian Federal Police is doing – we will adjust that plan accordingly so it is responsive to the needs of the community.
JOURNALIST: Minister, can I just ask, Australians have been losing billions of dollars over many, many years. In 2019 alone I think it was $3.5 billion. Presumably, it was billions before that. Why has it taken so long to get to this point?
KAREN ANDREWS: This is actually a further step in the work that the Government has been doing. So, we have supported the establishment of Report Cyber to encourage people to do things such as to update their security methods and make sure that they are putting in place the things that they need to protect themselves because this is a two-way street, quite frankly. It’s support from Government, but individuals and businesses also need to take responsibility for their own cybersecurity. So, steps have been in place for quite some time; and, yes, individuals could lose a significant amount of money through the loss of their identity, sale of that identity, particularly on the dark web. So, this is a further step that the Government is taking in support of individuals and businesses right around Australia to make sure that we are helping them to combat cybercrime, that we are rousing the Australian Federal Police so that they can take the action that they need. This is not just a one step. This is part of a process and there will, undoubtedly, be more to follow.
JOURNALIST: Will there be a certain focus on countries where this cybercrime might be coming from, particularly, you mentioned Russia but also China?
REECE KERSHAW: Look, wherever we identify the threat, we will go after them, and that’s the beauty of having a collaboration and us being embedded with the ACSC. We can use our partner agencies offshore. We’ve got a great international network based in 33 countries, and we’ll try to create a hostile environment where if you cross our border, even if it’s virtually and you come in, and want to rip off our mothers and fathers and grandmothers and grandfathers, then we’re going to come after you in any way we can. So, we’ll use the full force of the – I guess for us our networks and also at law, you know, hold these people to account. The challenge in this space is identifying, as you would be aware, the actual places where it comes from and then resolving that. So, we’re all working on those and one of the key factors there, and the Minister mentioned it previously, is the new legislation that we have, the surveillance legislation – identify and disrupt – and that’s a data disruption warrant, a network activity warrant and also a hostile account takeover. We’re using those powers now and they’re in their infancy, and I suspect that as a result of those we will be tracking down those individuals. And it will be unique where we’ll be able to literally break their business models, which is, unfortunately, to commit criminal acts against Australians here and elsewhere, and then combined with the Five Eyes group, we made this a huge priority for all of those agencies.
JOURNALIST: It might be worth asking a question to the boss of cybercrime. What does this bill mean for this facility and its capabilities mean to you?
JUSTINE GOUGH: I think it’s going to be a wonderful opportunity to have that collaborative space, particularly in terms of the law enforcement aspect, so the cybercrime aspect. As has been indicated by the Minister and the Commissioner, we work in close partnership and collaboration with the Australian Cyber Security Centre, but this is a particular area of focus in relation to cybercrime, so working with our state and territory law enforcement partners, working indeed with our law enforcement partners and obviously the advantage of having the public-private partnership with industry is going to be really beneficial in the fight against cybercrime into the future.
JOURNALIST: Does this clean up the mess and the bureaucracy of individual states working towards something where the AFP from this building can actually keep an eye and umbrella watch over what’s going on and delegate and receive information?
JUSTINE GOUGH: What we have experienced in terms of a lot of the crime types that are investigated by the AFP and in child protection is a good example, for instance, that the ace is the powerful benefit of all of the agencies working in the same environment, sharing intelligence in real-time and determining, I guess, a concerted area of focus. This is particularly important in cybercrime because activities are taking place right across the country at any one point in time, and, in a lot of instances, the activity is not as connected as it will be in this centre going forward.