Coronavirus: Australia calls for stronger defences amid cyber attacks

The Australian Cyber Security Centre (ACSC) has called on critical infrastructure providers to protect themselves from cyber attacks amid the ongoing Covid-19 pandemic.

The advice comes on the heels of growing attempts by hackers to compromise Australia’s critical infrastructure facilities such as power and water distribution networks, as well as transport and communications grids.

“Securing Australia’s critical infrastructure, and systems that control our essential services, is a major priority for the Australian Cyber Security Centre and our partners in the sector,” said ACSC head Abigail Bradshaw.

“We are continuing to see attempts to compromise Australia’s critical infrastructure. It is reprehensible that cyber criminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis,” Bradshaw said.

“A cyber incident involving critical infrastructure can have serious impact on the safety, and social and economic well-being of many Australians. If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”

Many critical infrastructure operators are making decisions on how to safely keep businesses running while allowing access to sensitive operational technology assets by staff working remotely. These employees would normally be in control rooms or worksites protected by cyber and physical security barriers that restrict outside access. 

The ACSC said while social distancing is safer for health reasons during the pandemic, working from home can create cyber security risks that malicious actors are actively working to exploit.

It also provided guidance on technical controls that organisations can use to respond to challenges associated with Covid-19, as well as to support operations staff working remotely, some for the first time.

This includes general cyber security practices for remote working, as well as specific advice for infrastructure operations, such as setting up a secondary control room that offers better security controls than home or remote access, and having a rapid disconnect plan that can be deployed quickly if malicious activity is detected.

On 8 May 2020, the ACSC warned of advanced persistent threat (APT) attacks against healthcare organisations and medical research facilities by those seeking information and intellectual property relating to vaccine development, treatments, research and responses to the Covid-19 outbreak.

The ACSC said it had identified adversaries and cyber criminals as responsible for compromising email servers of health sector entities in Australia, which are then used to distribute Covid-19 phishing emails in an attempt to deploy malicious software, including ransomware, or to gain access to other targeted organisations.

In a discussion paper on Australia’s 2020 cyber security strategy, the government highlighted the cyber risks to the country’s critical infrastructure and called for views on how the public and private sectors can remediate cyber risks on essential private networks, among other areas.

According to a recent survey commissioned by Nozomi Networks, employees remain the weakest link in cyber and physical security as critical infrastructure organisations converge their IT, operational technology, internet of things and physical systems to improve overall performance.

The survey polled more than 400 C-level executives from Asia-Pacific, including Australia, North America and Europe, with 52% noting that employees were the biggest threat to operational security.

Nearly nine in 10 executives said their organisation had experienced a security incident in the previous 12 months and more than half have suffered two or more.