13 Dec 2022 Cybersecurity Person of the Year: Clare O’Neil, Australia’s Minister for Cyber Security
After a trial by fire, the world’s first dedicated cyber security minister is ready to “punch back” – and make Australia “the world’s most cyber-secure country” by 2030 Press Release
Melbourne, Australia – Dec. 13, 2022
Cybercrime Magazine’s “Cybersecurity Person of the Year,” Australian Minister for Cyber Security and Minister for Home Affairs Clare O’Neil, has never been one to run away from a challenge — but this year, as she ascended to one of the most senior roles in Australia’s newly elected left-leaning Labor Government, the challenges have found her in spades.
After Prime Minister Anthony Albanese wrested control of the government from the nine-year conservative incumbent Scott Morrison in a landslide May election, 41-year-old O’Neil found herself with a slew of ministerial appointments spanning national security, immigration — and, in a global first, cyber security — in a period when Australia is actively revisiting its regional relationships and charting a course through an increasingly unstable geopolitical future.
O’Neil’s appointment as Minister for Cyber Security not only made her the first dedicated Cyber Security minister in the OECD’s top 20 countries, but did so at a time when governmental notions of cyber security were rapidly evolving in the face of the elevated threat caused by Russia’s invasion of Ukraine.
The cyber risk faced by the country was more than theoretical: months after her appointment, O’Neil found herself working with the Australian Federal Police (AFP), Australian Cyber Security Centre (ACSC), and other organizations as they scrambled to deal with what, it soon became clear, was one of the most serious data breaches in Australia’s history.
Cybercrime Radio: 2022 Cybersecurity Person of the Year
Clare O’Neil, Australian Minister for Cyber Security
Nearly 10 million customers of number-two telecommunications company Optus had personal details, driver’s license numbers, passport details, government Medicare identity card details, and other personal information compromised during the breach — which saw O’Neil applying the force of the government to pressure passport authorities, state road authorities, technical specialists, and more to both contain the breach and manage its massive fallout.
It was a call to arms for O’Neil, who jumped into action — standing in Parliament to deride Optus executives who, she said, had “effectively left the window open for data of this nature to be stolen…. The breach is of a nature that we should not expect to see in a large telecommunications provider in this country.”
Her response to the Optus breach included recognition that it was time for a “substantial reform effort” whose substance, it soon became clear, would include a significant increase in potential data breach fines from $1.4 million ($A2.22m) to $32m ($A50m); the enabling legislation passed Parliament two months later, not the least because of O’Neil’s strong advocacy.
Elevating cyber in the face of compromise
The Optus breach was a trial by fire for O’Neil, long a rising star in political circles who was elected mayor of the Melbourne-area city of Greater Dandenong at the tender age of 23 — making her the youngest mayor in Australia’s history.
A Monash University graduate and former Fulbright Scholar who earned a Master of Public Policy from Harvard University, her subsequent years included work as an engagement manager at McKinsey & Company, engagements with Aboriginal communities in remote East Arnhem Land, and — in 2013 — her election as the Member for Hotham, a multicultural electoral division that spans 30 square miles in Melbourne’s southeast.
Three years later, O’Neil was appointed to the shadow ministry — the group of non-executive ministers whose job it is to observe, question, and counter the policymaking of the government of the day — and worked as Shadow Minister for Justice.
Subsequent roles — including shadow ministries for Financial Services; Innovation, Technology, and the Future Of Work; and Senior Australians and Aged Care Services — filled out her expertise to the point where she was tapped on the shoulder by Albanese as he made appointments in the wake of this year’s election.
Her long climb through Australia’s political ranks should earn her one of the Australian government’s most significant roles before her 42nd birthday, largely due to a can-do attitude that O’Neil has explained is because she “never wanted to wait to do things,” but now that she is driving such a significant portfolio of government policies, the explosion in cybersecurity exposure has guaranteed the times ahead will be challenging.
Throughout the course of October, Australian companies faced a slew of high-profile data breaches that saw the personal details of millions of people — a significant proportion of the entire population, in a country of just 26 million — stolen, leaked, or sold online to the highest bidder.
The compromise of the country’s largest private health insurer, Medibank, by the Russia-based REvil ransomware gang rapidly eclipsed the Optus breach as hackers demanded a multi-million-dollar ransom and began publishing Australian citizens’ confidential medical histories in files grouped by ailment — including mental health issues, alcoholism, abortions, and more.
The pressure was on O’Neil to respond — particularly as the hackers began threatening to target high-profile citizens by name, and the prime minister identified himself as one of the people whose data had been compromised.
Medibank ultimately refused to pay the ransom, and at the end of November the hackers dumped all of their data for public access — exposing the medical histories of up to 9.7 million Australians, and cementing the incident as one of the most destructive attacks in the country’s history.
Building Australia’s new cyber agenda
As the fallout from the breach continues, O’Neill has gone on the offensive — decrying the “scumbags” that hacked Medibank and, in a recent speech at the National Press Club, laying down an ambitious agenda that she believes will make Australia “the world’s most cyber-secure country by 2030.”
To shape the agenda, three eminent cybersecurity experts — including former telecommunications executive Andy Penn, cybersecurity policy giant Rachael Falk, and former Chief of Air Force Mel Hupfeld — will helm the creation of a new Cyber Security Strategy that will also engage experts overseas.
“Some of the biggest cyber guns from around the world love the scale of our ambition, and they’ve agreed to help,” O’Neil said in calling the effort a “fight to protect our citizens and our economy.”
The effort will include strengthening critical infrastructure and government networks; building sovereign cybersecurity capabilities “so we can stand on our own two feet”; and strengthening international engagement to position Australia as a “global cyber-leader” — including partnerships with regional Pacific nations, for which Australia has this year become engaged in a mindshare battle against an increasingly aggressive China.
As a result of the Optus, Medibank and other recent breaches, O’Neil has also facilitated a partnership between the AFP and the Department of Defense-aligned Australian Signals Directorate, building a team of 100 cybersecurity specialists who will, she said, be “permanently focused on hunting down people seeking to hack our systems, and hacking back.”
“For the first time, Australia will punch back at the hackers,” O’Neil said, citing legislative changes to date; noting that Australia has “taken leadership” of the new, 36-country Counter-Ransomware Initiative partnership; and foreshadowing a raft of additional changes designed to put Australia on the front foot when it comes to cybersecurity.
Given that her portfolio as Home Affairs Minister also includes Australia’s spy agency ASIO and the country’s immigration agencies, O’Neil is in a unique position to inextricably link cybersecurity objectives with issues like the changing geopolitical situation and the migration policies that are proving critical to helping Australia build a strong-enough cybersecurity workforce.
“The approach we are taking — strong, serious, depoliticized — is how we make our country safer,” O’Neil said, “not by beating our chests and playing the politics of the moment.”
Just six months into her new role, O’Neil has shown herself to be truly committed to change — and determined to fix the mistakes and oversights of the past. She has moved quickly and decisively, driving rapid policy change and showing a new fearlessness designed to make Australia a world leader in cybersecurity, rather than a serial victim.
That’s why for her success in escalating the importance of cybersecurity in Australia’s national dialogue, her steadfast determination to drive real change after the devastating Optus and Medibank breaches, and her role as a global cybersecurity thought leader who is ensuring that the cybersecurity battle is fought on the global stage, Cybercrime Magazine is proud to present Clare O’Neil with the 2022 Cybersecurity Person of the Year award.
Previous recipients include Jen Easterly, director of (U.S.) Cybersecurity and Infrastructure Security Agency; Dr. Ambareen Siraj, founder of WiCyS (Women In Cybersecurity); Craig Newmark, philanthropist and founder of craigslist; and Sylvia Acevedo, rocket scientist and former CEO at Girl Scouts of the USA.
– David Braue is an award-winning technology writer based in Melbourne, Australia.
Go here to read all of David’s Cybercrime Magazine articles.