Closing Address to the Australian Strategic Policy Institute’s Sydney Dialogue

I acknowledge the Gadigal of the Eora Nation, the traditional custodians of this land and pay my respects to the Elders both past and present.

And like all members of the Albanese Labor Government, I reaffirm the Australian Government's commitment to implementing the Uluru Statement from the Heart in full – Voice, Treaty, and Truth.

The Covid-19 pandemic has changed the way many of us think about risk.

As what is somewhat unkindly referred to as a geriatric millennial, I grew up with the increasing rewards of living in an ever more inter-connected and interdependent world.

The internet directly connected me with new people, ideas and cultures from around the world.

Digital innovation spread unprecedented efficiency and economic opportunity through more and more complex international supply chains.

The benefits of becoming ever more intensely connected to, and reliant on, each other could be seen in every new version of the iPhone, in every new international friend made on social media and every new meme you were exposed to on the internet.

The Covid-19 pandemic however, brought home the risks of interconnectedness and interdependence in a way that touched all of our lives.

Not just the risks of the spread of a pandemic through interconnected global people movements.

But the Covid-19 pandemic also brought home our exposure to systemic risks.

The way that a shock in one place could have cascading impacts throughout a system.

How a novel coronavirus could affect semiconductor manufacturing in Asia and result in car manufacturing grinding to a halt in Europe.

The way a risk to one part of a system affected everyone connected to it.

While the first two decades of this millennium were dominated by optimisation and the pursuit of efficiency, recent years have seen necessary refocusing on risk management and building resilience.

As a nation, we’ve been thinking deeply about whole of nation cyber resilience as part of the Albanese government’s review of the Cyber Security Strategy.

Domestically, we’ve seen three of the biggest data breaches in Australia’s history in just the last six months.

A decade of inaction has left Australia vulnerable.

As my colleague and friend Minister for Home Affairs and Cyber Security Clare O’Neil has said, we are about 5 years behind where we should be.

As you heard at this conference yesterday, Minister O’Neil is working hard to build Australia’s domestic cyber resilience.

But we’re not the only country confronting the risks of cyber incidents in an interconnected and interdependent world.

All nations are currently grappling with how best to risks in the cyber domain.

That’s part of why we are integrating Australia’s domestic and international cyber strategies.

Since the election, the Albanese Government has made it clear that we’ve prioritised reengaging with our Pacific family in our foreign policy agenda.

We’ve been turning up and we’ve been listening to Pacific priorities.

We’ve heard their perspectives clearly.

We’ve heard for example that climate change is an existential risk for Pacific Islands nations.

We understand that taking real action on climate change is a precondition for being the partner of choice for the Pacific family.

We also understand that helping to build resilience against the threat of climate change must be a priority for our development assistance in the Pacific Islands.

We’ve also heard requests for assistance from Pacific Islands nations confronting the kinds of natural disasters that are expected to become more common as a result of climate change.

Last month, Australians stepped up to calls from the Government of Vanuatu, to help respond to the terrible Tropical Cyclones Judy and Kevin.

I’m sure that you saw on the news that over 600 Australian Defence Force personnel were deployed to Vanuatu.

Australians were there to help respond to the impact of the cyclones on health and community infrastructure, on power facilities and on people.

As a member of the Pacific Islands family, we were there for another family member in their time of crisis.

We always will be.

This approach also has many parallels to the way we are thinking about the challenge of building cyber resilience in the Pacific.

We’ve heard clearly that increasing digitalisation and connectivity are central to the economic development objectives of many Pacific Islands nations.

Indeed, as Samoan Prime Minister the Hon Fiamē Naomi Mata’afa said this morning, Pacific countries are looking for ways to “leverage technology to increase efficiency and sustainability…to achieve their development goals”.

We also understand that realising these economic development objectives relies on a simultaneous increase in levels of cyber resilience in the Pacific Islands.

Pacific Islands governments understand that, as they increasingly digitalise and connect to the global economy, they are also increasingly exposed to cyber threats.

We have come to find that, as nations become more reliant on these systems, cyber incidents can be similar in impact to a natural disaster.

Whether a government IT system or a national emergency service provider has been taken offline by a cyclone or a ransomware attack, the cascading impacts on the people and communities relying on those systems is very similar.

Last year, at the Singapore International Cyber Week, I warned that we would inevitably see an increasing number of ransomware incidents in the ‘global south’ as the digitisation and connectivity of these nations grew.

In the last six months, this warning has become reality.

We have repeatedly seen the devastating impact of major cyber incidents on Pacific countries in recent times.

The impacts of natural disasters on the Pacific in recent times are obvious, and devastating.

But, while you may have seen Australia’s response to Tropical Cyclones Judy and Kevin, what you probably didn’t see is Australia’s response to cyberattacks in the Pacific.

These recent incidents didn’t attract the same level of media coverage as Tropical Cyclones Judy and Kevin. But Australia’s response was the same.

Australian cyber security experts and diplomats were invited by Pacific countries to help respond to major cyber crises.

Responding to these incidents didn’t require Chinook helicopters, assessment aircraft or LHDs, but the contribution these Australians made was huge.

They helped recover Pacific countries’ communication systems, payment systems, and citizen data after devastating ransomware attacks.

These Australians brought ambulance services back online and ensured hospitals could continue to treat patients effectively.

The Australian support also extended beyond the immediate technical fixes.

We were there to also build long term resilience – to build back government networks better.

These DFAT-led teams worked side-by-side with Pacific technical experts, policy makers and leaders to share knowledge, exchange ideas, and provide education, awareness and best practise advice.

We’ve long been proud to play our part as a member of the Pacific family in building resilience against natural disasters and helping nations and communities to recover when disaster does strike.

And as Pacific nations develop more connected and digitally reliant economies and societies, I’m already proud of the way that Australia has helped to build resilience against cyber risks and to assist with recovery when incidents occur.

But the challenge is growing and evolving.

So in the Albanese Government’s review of our Cyber Security Strategy, we’ve been thinking hard about how we can best support the economic development ambitions of Pacific countries, in the context of these growing cyber threats.

We’ve been listening to the perspectives of Pacific Islands nations, non-government organisations, think tanks, and industry during this process.

We want to be the partner of choice for the Pacific family on cyber resilience building and incident response.

Australia needs to step up and streamline sustained, day to day resilience building efforts in the long term.

And Australia can do more to provide targeted responses to cyber security incidents in our region.

We’ve heard the challenges that Pacific countries confront when uplifting their cyber security.

Australia faces many of the same challenges to uplifting our cyber security.

Challenges like skills and local resources.

But there are also unique challenges which go above and beyond the challenges that we face in Australia – challenges of scale and of connectivity.

We believe that with our hard-won experience, our expertise and capacity, and crucially, our relationships with our Pacific family, we can make a uniquely Australian contribution to this effort.

We’ve heard that Pacific countries welcome our engagement and support in these causes.

And, like us and any country, we’ve also heard the consistent, and legitimate, calls from the Pacific for the preservation and the strengthening of sovereignty.

We hear and we respect those calls. We want the same thing in our own country.

We understand the need to have sovereign skills, capability and technical solutions when securing your country.

So that’s front of mind when we think about the security in our region, and as we rethink our international cyber policy strategy.

It’s a collaborative process.

We are asking some tough questions:

• How can we help build the national capabilities of Pacific countries, without creating a brain drain?
• How can we leverage Australian experience and capacity to support Pacific objectives as a partner, while vigilantly respecting their sovereignty?
• How can we build institutions that continue to listen to Pacific priorities while uplifting cyber resilience?
• How can we work on our own institutions here at home, to become a long term and sustainable partner?
• How can we continue to build and maintain trust between leaders and between cyber experts in the Pacific family?

We’re thinking hard about these questions, and we welcome your input.

We understand that government doesn’t have all the answers.

We know that the technology space relies on engagement from players across industries, institutions and sectors.

We can’t do it alone.

This Dialogue has provided an opportunity for experts to meet, exchange ideas, and – hopefully – get outside your intellectual comfort zone.

It has also provided us with a rare opportunity for us to engage in blue sky thinking.

We recognise there are many cyber risks facing both Australia and Pacific nations.

But we need to take this opportunity to think about how we want the world to look. And how we can influence the world to get there.

We need diverse voices submitting to our Cyber Strategy discussion paper.

So, I challenge you to harness the energy and ideas you’ve gained here at The Sydney Dialogue.

I challenge you to think creatively about how we can make the online world, and our region, a safer and fairer place.

I encourage you to participate in the conversation.

Thank you.