Interview with ABC Radio - National Cyber Security Coordinator, Darren Goldie
Transcript of Darren Goldie, National Cyber Security Coordinator interview with ABC Radio
8 September 2023
PATRICIA KARVELAS: Optus, Medibank, the law firm HWL Ebsworth – just in the past 12 months all of these companies have entered the headlines following major cyber-attacks, which have put the data of tens of millions of Australians at risk. So how is the government working with firms to prevent or at least mitigate the next inevitable hack?
Air Marshal Darren Goldie is the first National Cyber Security Coordinator and joins me now in the studio. Thank you so much for your time.
DARREN GOLDIE: Good morning, Patricia. Thanks for having me.
PATRICIA KARVELAS: You’re the first person in this role. What steps are you taking to improve cyber security in Australia?
DARREN GOLDIE: Well, I’ve committed my time so far to listening to Australians and listening to Australian entities. I’m down here in Melbourne for a major exercise today, but I spent yesterday visiting some of our biggest countries – our biggest companies and understanding their context, including one of the affected entities over the last 12 months, and hearing their feedback on how the commonwealth performed and how we can do better.
PATRICIA KARVELAS: Okay, which entity was that?
DARREN GOLDIE: That was Latitude Financial Services, the third of the four major ones in the last year.
PATRICIA KARVELAS: Yeah, so what sort of feedback did Latitude give you about the commonwealth’s role in all of this?
DARREN GOLDIE: Latitude came after our experience with both Optus and Medibank where the government was of the view following a couple of reviews that our response was not as good as it could have been. So, we were taking baby steps during the Latitude period, and there was quite a lot of engagement between both the Australian Signals Directorate, the Australian Cyber Security Centre on the technical side as well as Home Affairs on the consequence management side.
So, their feedback was that they felt there were a lot of commonwealth agencies ready to support them and offering their assistance, but it wasn’t as congruent and coherent as it could have been. So that’s the foundation on which the government has appointed my role to provide that coordination position across the commonwealth and also working with jurisdictions, so state governments obviously.
PATRICIA KARVELAS: I want to talk about the drills and how they’re going to work in a moment, but just still on what you’re learning through the listening, are you getting a sense that we’re really undercooked on this?
DARREN GOLDIE: I don’t think we’re undercooked as a nation, but we could do better as entities at understanding our risk position. So that starts at the individual level – the way we manage our passwords, the way we manage our data and our backups and depends right through to the biggest companies in the country. Do people understand the risks they’re exposed to? Are they mitigating those risks, and do they know what to do if it went wrong? And I compare that to perhaps some natural disasters or some other incidents that we’re very used to dealing with as a country – floods or fires – we know the roles that we play. We know the roles that government will play, and we know what to do in the event of a crisis. We’ve got to be better at that in cyber.
PATRICIA KARVELAS: Sure, but instead of putting the onus on individuals, do you think that business carries – should carry more of that burden?
DARREN GOLDIE: Absolutely. And I think the balance of contribution to a cyber incident should be carried by those that are most suited to do it. So that’s a large part of why we’re working with the sectoral groupings and big business on how they can better protect Australians.
PATRICIA KARVELAS: So, you’re in Melbourne, as you say, taking part in exercises with major businesses to simulate a cyber incident. Talk us through how these drills work.
DARREN GOLDIE: Yeah, sure. What we’re doing is moving through each of the major sectors. So, in legislation they’re called the critical infrastructure areas, and we’ve got 11 of them. Today is about the telecommunications industry. So obviously telecommunications, foundational to how we operate as a society but also very important to our national security. So, working with all of the big telcos on how we can better prepare. Today specifically is a desktop about a cascading series of incidents, trying to understand what role will we all play and how can we improve the preparedness so that if should the worst actually come along we can have a better response.
PATRICIA KARVELAS: It’s the third in a series. What have the other war games taught you about the companies involved?
DARREN GOLDIE: At the top end of town, we have a really good understanding of our cyber risk position. Telecommunications would be the exemplar of that where there are quite literally hundreds of cyber professionals working in these companies. Our challenge is how we work together so that if there’s an incident affecting one part of the ecosystem how do we better communicate across that ecosystem? And the government’s upcoming strategy is looking at ways that the commonwealth government can facilitate some of that across-sectoral sharing to make it a better outcome.
PATRICIA KARVELAS: And you’ve spent your career in the military. What’s it like having to cooperate like this with private companies?
DARREN GOLDIE: I’m actually really enjoying it. I think in the end
PATRICIA KARVELAS: Is it culturally quite different, though?
DARREN GOLDIE: It is, and it isn’t. I vary between the time I spend in the uniform and getting around town in normal clothes, in a suit. And I’m finding that there’s a widespread – there is widespread agreement that there’s a need for better coordination and a need for better preparation as a nation. And it’s a great opportunity to get out there and meet people.
PATRICIA KARVELAS: So, what role do you believe the media should play during major cyber incidents like, for example, the Optus hack?
DARREN GOLDIE: Before I spoke about natural disasters and the role that we all play as individuals. I think the media role is very similar in cyber security. So, firstly, opportunities like now where we’re talking about it and creating a narrative and a discourse across the nation. But, of course, during a cyber incident – and we’ve got to remember, not all cyber incidents will look like the last four, which is about Australians’ data; they may shut down a critical infrastructure, whether it be aviation or transport or mining, and so it will provide a really important vehicle to tell Australians what’s going on, so the transparency aspects, as well as what they should be doing should that be impacting on them.
PATRICIA KARVELAS: We’ve heard from the AEC about online disinformation increasing ahead of the referendum. Organisations such as the Australian Strategic Policy Institute say they’ve seen evidence of deliberate interference in debates from accounts linked to China. Are you taking steps to minimise the potential harm?
DARREN GOLDIE: I know the Australian Electoral Commissioner is working very hard on it. He has been working right across both commonwealth and state governments, particularly when you talk about future events in Australia. In fact, we’ve got an engagement coming up shortly, but I’ll probably leave the specifics of online disinformation to them.
PATRICIA KARVELAS: Okay, but you are going to play some role?
DARREN GOLDIE: I’m going to – I’ve spoken to him about our preparedness and making sure we’re best positioned should there be something come up in future elections.
PATRICIA KARVELAS: Okay. The government is in the process of considering changes to the Privacy Act. What wider changes would you like to see on how data is handled?
DARREN GOLDIE: What we saw last year was that big companies that have a sea of Australians’ personally identified information. We obviously have to protect that information. They have unique privilege in carrying it, but it’s through the privacy – the Private Act would be the best vehicle for how we look at those Australians’ data and how we protect it in the future.
PATRICIA KARVELAS: Thank you so much for joining us.
DARREN GOLDIE: No worries, Patricia.
PATRICIA KARVELAS: Air Marshal Darren Goldie is the National Cyber Security Coordinator.