Thursday, 13 November 2025

 David LIMBRICK (South-Eastern Metropolitan) (12:23): My question is for the minister representing the Minister for Government Services. Yesterday in Melbourne the head of the Australian Security Intelligence Organisation Mike Burgess spoke at an Australian Securities & Investments Commission forum. His statements represent a stark warning about the risks of malevolent foreign actors targeting Australian computer networks and infrastructure in sophisticated cyber attacks. He stated that certain foreign states are already attempting to penetrate and map our critical infrastructure and there is a risk that targeted attacks could cause chaos. There is a reason to worry that we are desperately underprepared to meet this risk. During the last sitting week a report from the Auditor-General on an audit of the cybersecurity of IT servers of government departments was tabled. This report highlighted that agencies are completely failing to update and monitor their servers and maintain high standards of cybersecurity compliance. What is the government doing to ensure the safety and security of critical digital infrastructure in Victoria?

 Jaclyn SYMES (Northern Victoria – Treasurer, Minister for Industrial Relations, Minister for Regional Development) (12:24): I thank Mr Limbrick for his question. It is a very important issue that is front of mind for the minister, and I am sure she will be happy to provide you a response.

 David LIMBRICK (South-Eastern Metropolitan) (12:24): I thank the minister for passing that on. Whilst I have some concerns about the timeline of proposed responses to the Auditor-General’s report, cybersecurity risks are far broader than just accurately accounting for and updating key servers. Mike Burgess presented examples of various attempts, both domestic and overseas, of actions and attempts to hack or sabotage private businesses and critical infrastructure.

While I am both concerned and interested in how both the federal and the state governments are acting to ensure we are well positioned to defend against these threats, there is a particular risk next year. Next year Victoria will have an election, and while we retain paper ballots, which is a good thing in my mind, there are various ways that the election could be impacted, including targeting the VEC itself. Given the risks identified by ASIO and failures to maintain high standards identified by the Auditor-General’s report, what is being done to ensure that the VEC and any other critical digital infrastructure is prepared for any cybersecurity threats in the lead-up to next year’s election?

 Jaclyn SYMES (Northern Victoria – Treasurer, Minister for Industrial Relations, Minister for Regional Development) (12:25): I thank Mr Limbrick for his supplementary question. I will pass that on to the minister for response.