Senator David Shoebridge – Estimates questions relating to an MOU on cybersecurity between Australia and Israel

Photo of Senator David Shoebridge
May 28, 2024

In May of this year, an FOI that I put to the Department of Defence was redirected to the Department of Home Affairs. It was in relation to the memorandum of understanding on cybersecurity between Australia and Israel, signed in 2019. Who has knowledge of that?

CHAIR: Senator Shoebridge.

Senator SHOEBRIDGE: In May of this year, an FOI that I put to the Department of Defence was redirected to the Department of Home Affairs. It was in relation to the memorandum of understanding on cybersecurity between Australia and Israel, signed in 2019. Who has knowledge of that?

Mr Hansford : I certainly have knowledge of the MOU.

Senator SHOEBRIDGE: Was the MOU that was signed in 2019 replacing an existing MOU, or was it a fresh MOU?

Mr Hansford : I believe it was a fresh MOU signed by the then cyber adviser, in his capacity as a member of the Department of Home Affairs, with the government of Israel on 27 January 2019.

Senator SHOEBRIDGE: Sorry, I could hardly hear you. Who were the signatories?

Mr Hansford : The Australian signatory was the then cyber adviser, Mr Alastair MacGibbon.

Senator SHOEBRIDGE: And the counterpart?

Mr Hansford : Mr Gower, I know you’ve got that detail.

Mr Gower : I’ll need to take the specific name on notice, but it was the head of Israel’s National Cyber Directorate.

Senator SHOEBRIDGE: What does the MOU provide for?

Mr Gower : The MOU, as Mr Hansford has set out, was signed in January 2019. We haven’t released that publicly, but its intent was to capture existing cooperation between the Department of Home Affairs and the Israeli National Cyber Directorate. There was a brief press release provided when the MOU was signed. That spoke about the continued expansion of cooperation between the two countries in their common interests in the cyber field, including cyber defence, civil aviation and dealing with key technology challenges, such IOT and 5G. More broadly, though, there aren’t specific elements or specific programs of work underneath the MOU. We use it as a bit of a signal that we’ll continue to work together. There have been a number of engagements at a working level, talking about how we go about protecting our critical infrastructure. There’s been at least one visit from members of the Israeli National Cyber Directorate, back in November 2022. There’s just general cooperation that is done under the MOU, but there is nothing specific around particular programs that must be conducted.

Senator SHOEBRIDGE: Have you got a copy of the press release that was issued in 2019?

Mr Gower : I don’t have a copy of that press release on me.

Senator SHOEBRIDGE: Can you provide a copy to the committee?

Mr Gower : Yes, certainly.

Senator SHOEBRIDGE: Is the MOU still on foot?

Mr Gower : It is still valid, yes.

Senator SHOEBRIDGE: What’s its term, or is it indefinite?

Mr Gower : I believe it’s indefinite, but I’d want to take that on notice.

Senator SHOEBRIDGE: You said that the MOU effectively codified existing practice.

Mr Gower : Correct.

Senator SHOEBRIDGE: But then you said the media release spoke about an expanded relationship. Did it just codify existing practice or—

Mr Gower : I think it does both. We were already engaging with our counterparts in Israel. This captured what we were already doing, but it also signals an intent to do more together, whether that be in relation to cybersecurity, the Internet of Things or whatever the subject may be.

Senator SHOEBRIDGE: You refused to provide a copy of the MOU under the FOI. It was said that providing the MOU itself could ‘reasonably be expected to cause damage to the international relations of the Commonwealth’. The department then said, ‘I’m of the view that the disclosure of the memorandum of understanding could reasonably be expected to inhibit future communications and negotiations between the Australian government and foreign governments, including the State of Israel.’ How would providing an MOU about cybercooperation, as opposed to any secret data, ‘inhibit future communications and negotiations between the Australian government and foreign governments, including the state of Israel’?

Mr Gower : It really goes to a matter of trust. As you know, we’re seeking to build trust between agencies and between countries. In order to do that, we need to make sure that the countries we engage with have confidence that we’re able to protect communications, arrangements or anything else we might have out in the public domain, while still providing public information about, in a general sense, what the agreement is and what we’re doing under it but without providing the actual copy and making that public.

Senator SHOEBRIDGE: But the MOU doesn’t contain any national security information. I’m assuming it sets out the principles under which Australia will cooperate with the state of Israel on cybersecurity. It doesn’t contain any national security information itself, does it?

Mr Gower : The exemption goes towards our international relations rather than national security and giving confidence to other countries that engage with us that, if they sign an agreement, that agreement won’t be made public and they can trust that, when they do engage with us, we will treat that information appropriately.

Senator SHOEBRIDGE: The vast bulk of international agreements that Australia enters into are public, and that allows for parliamentary scrutiny and public scrutiny. Why is this one not public?

Mr Gower : The decision was made that, in this case, it is not something that both parties would want to make public—or at least Australia did not want to make public. But, as I said, we provided—and it is publicly available—an outline of broadly what the MOU covers.

Senator SHOEBRIDGE: But what is in it that you want to hide from the public? What is in it that you don’t want the public to see in this arrangement between Australia and Israel on cybersecurity? What is in that, if the public saw it, would damage relations with the state of Israel?

Mr Anstee : Senator, I don’t think Mr Gower has implied necessarily that there is anything in the document itself that—

Senator SHOEBRIDGE: Well, show it to us.

Mr Anstee : However, despite the virtue of the private agreement being reached between two countries, under the international relations construct, it was decided that it should not be released.

Senator SHOEBRIDGE: Was it Australia’s position going into the negotiations of the MOU that the outcome should remain confidential? Was it always going to be a cloak-and-dagger arrangement?

Senator Watt: That is your characterisation of that, of course.

Senator SHOEBRIDGE: Was it always going to be one of those arrangements? Was that Australia’s position going in?

Mr Gower : I think it was quite publicised at the time of signing. While the agreement itself is not public, the fact that we were entering into an agreement was quite public.

Senator SHOEBRIDGE: Did Australia go into the negotiations on this cybersecurity arrangement with the state of Israel with the intent that the MOU would be confidential? Was that the position Australia adopted? Or are you saying that, now it has been done, you think Israel might want to keep it confidential?

Mr Gower : I can’t speak to that. I wasn’t around when the agreement was signed.

Senator SHOEBRIDGE: Can you take on notice the question of whether or not this was the intent of the Australian government at the time?

Mr Gower : Yes, Senator.

Senator SHOEBRIDGE: I can understand why certain content that might be exchanged under a cybersecurity arrangement—it might show vulnerabilities in some infrastructure; it may show particular threats and potential responses to threats—and why what is exchanged under the MOU might be reasonably confidential. But I still can’t understand why you won’t make the MOU itself public. Is it simply that it might offend the state of Israel? Is that why we are not seeing it?

Senator Watt: I think the witnesses have already answered that question—and it is not that answer that you keep seeking.

Senator SHOEBRIDGE: Tell me why, then, Minister.

Senator Watt: They have already answered the question.

Senator SHOEBRIDGE: Well, you tell me why the government is not releasing this MOU.

Senator Watt: I can’t add anything to the answers the department have already provided to you.

Senator SHOEBRIDGE: Has there been any information exchanged under this MOU since 7 October last year?

Mr Gower : At a working level, there has been one set of basic information exchange, which was Australia providing some information about how we regulate our critical infrastructure.

Senator SHOEBRIDGE: Who on the Israeli side are we providing information to under this MOU? What’s the agency or department on the Israeli side that we’re providing information to?

Mr Gower : I’d need to take that particular instance on notice, but my working basis would be it was the National Cyber Directorate, given that that is who we have the MOU with.

Senator SHOEBRIDGE: But that was in 2019; that’s five years ago now. Is it still a connection—is it still an arrangement between Australia and the National Cyber Directorate in the state of Israel?

Mr Gower : I’m sorry—

Senator SHOEBRIDGE: Is that still the institutional connection—between Home Affairs and the National Cyber Directorate?

Mr Gower : I’m not aware if they’ve had a name change, but the functions of that agency are still who we would have that relationship with via our post and e-comms.

Senator SHOEBRIDGE: Since it was entered into, has there been any exchange of information with the Israeli Defense Forces?

Mr Gower : Not that I’m aware of.

Senator SHOEBRIDGE: When did you say you started working in this space, Mr Gower?

Mr Gower : I commenced in February of this year, but in the brief in front of me there’s nothing to suggest that that information has been shared with the defence force of Israel.

Mr Hansford : I’ve been around since the start of 2019 and have had a number of engagements under the MOU with the Israeli government. They have all been on a policy basis about our national strategy, our regulation and what we do to protect infrastructure. So that has been a policy basis for collaboration and engagement.

Senator SHOEBRIDGE: Thanks for that. Secretary, will you provide a copy of the MOU to the committee?

Ms Foster : I’ll take that on notice. We’ll need to consider whether there is a public interest immunity claim in relation to that, noting that we’ve already, as I understand it, had advice from the Department of Foreign Affairs and Trade in relation to the FOI request, so I would want to go back and do that process properly, but we will certainly look at it for you.

Senator SHOEBRIDGE: So it wasn’t clear from the FOI that that advice came from DFAT.

Ms Foster : The decision was ours. We sought—

Mr Anstee : But we consulted DFAT as part of that process.

Senator SHOEBRIDGE: So it was DFAT that raised the objection, was it?

Ms Foster : It was the delegate’s decision. It’s not uncommon for us, when we’re considering international relations impacts, for us to consult with DFAT, and their input is part of our decision-making process. But they’re not the decision-maker; our delegate is.

Senator SHOEBRIDGE: Can you provide to the committee on notice what information you received from DFAT in the course of making the FOI determination?

Ms Foster : Yes.

Senator SHOEBRIDGE: Thank you.

Link to Parliamentary Hansard