chungking - Fotolia
The threat of foreign state-sponsored hackers breaking into Australia’s infrastructure and wreaking havoc sounds like something out of a Tom Cruise film, but as the CEO of a company that helps organisations defend against such attacks, I can assure you this is not an elaborate Hollywood plot. Unfortunately, it is a threat that Australia and many other nations are facing right now.
If successful, hackers could shut down water treatment plants, stop electricity generation or even manipulate transport systems. The aim is political and economic chaos.
State-sponsored attacks on national infrastructure are more common than you might think. Earlier this month, Iran was accused of a cyber attack on Israel’s water infrastructure and Donald Trump declared a state of emergency after hackers threatened the US power grid.
And Australia is not immune to these threats. Last week, the Australian Cyber Security Centre (ACSC) advised operators of the country’s critical electricity, water and telecoms infrastructure to double-check security controls for staff accessing control systems remotely during Covid-19. The ACSC lists telecommunications, electricity, water and ports as the highest-risk areas.
Australian infrastructure is particularly vulnerable right now, because of many years of under-investment in cyber security and ageing legacy systems. These systems are now linked to online enterprise systems, making them potential targets.
More than 60% of our clients have had general malware and ransomware on the systems they use to monitor machinery and processes, more commonly known as operational technology. Across our clients, we are seeing the oil and gas sectors as key attack targets.
Most types of threat we see in infrastructure include malware or ransomware. This includes password stealers, keyloggers, command and call-back agents, and crypto miners.
In addition to ageing systems, Australia is also facing a skills gap, with the majority of the engineers who oversee these systems having little or no cyber security training.
In the past, the main strategy used to defend against these attacks was physically separating systems, known as air-gapping. However, as time moved on, organisations have increasingly merged their online and operational technologies to remain competitive. The result is a bigger target for hackers to aim at.
To complicate matters further, modern operations increasingly employ third parties to fill skills vacuums. Having more people with access to systems increases risk.
Applying an air gap is no longer the answer and is certainly not sustainable moving forward. If Australian infrastructure operators want to dramatically reduce any cyber threat, they need to look at all of their technology and systems as a whole and consider how they will evolve together in the future.
Read more about cyber security in Australia
- Australian organisations can address data protection challenges by creating roles such as a data governance lead, classifying data and improving employee awareness of cyber hygiene.
- About four in 10 employees are sharing inappropriate data across mobile devices and half of all security incidents in 2019 occurred through inappropriate IT use, new study finds.
- VMware’s Carbon Black is planning to open a new datacentre in Australia in the first half of 2020 to support local firms bounded by regulatory and data residency requirements.
- Australia’s Royal Melbourne Institute of Technology has teamed up with Amazon Web Services to launch a Cloud Innovation Centre to solve cyber security challenges.
Importantly, they also need to treat the monitoring of workstations as vital to reduce the chance of human error, especially when contractors and sub-contractors form part of daily operations.
From a technical perspective, there are other effective tools that can be used, such as network forensics which help to track the entire sequence of an attack, following industry-wide protocols and creating an accurate picture of the normal operating environment, so that atypical behaviour can be detected quickly.
In 2010, when the malicious Stuxnet malware was used to damage Iran’s nuclear programme, the world realised that critical infrastructure was as vulnerable as their personal laptop. This watershed moment gave rise to the notion of super-hackers that were too skilled and well-resourced to be prevented.
And while, like thousands of other film fans around the world, I am keen to see Keanu Reeves return to the big screen as Neo, thankfully, Australia has the skills and knowledge to prevent these attacks, limit their impact, and prevent their perpetrators from gaining mythical Matrix status.
The threats posed by nation-states are very real, but thankfully “act of war” attacks are very unlikely. Nevertheless, the impact of an attack on infrastructure operations could have life-threatening consequences, and Australia needs to be prepared to protect against such attacks to protect its essential services.
Carlo Minassian is CEO of LMNTRIX, an Australian cyber security company that specialises in threat detection and response