• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Safeguarding Australia’s Critical Infrastructure from Cyber-Attack

You are here: Home / Security News / Safeguarding Australia’s Critical Infrastructure from Cyber-Attack

The Australian Cyber Security Centre (ACSC) recently provided advice to help critical infrastructure providers protect themselves from cyber-attack. This is particularly important given that key staff are working remotely during the COVID-19 pandemic. waterfall

Opportunistic cyber-threat attacks to critical infrastructure are particularly concerning during the current pandemic. Facilities such as power and water distribution networks, transport and communications grids are potential targets for malicious cyber adversaries in Australia and globally.

CSO Australia recently reported the failed Stuxnet-like attack on Israel’s water supply, highlighting the danger associated with assault attempts on control systems of wastewater treatment plants, pumping stations and sewers.

Water Facility Attacks

As Cynthia Brumfield from CSO Australia points out, “although cyber-attacks on the electric grid grab the lion’s share of attention, attacks on water facilities typically generate little press coverage or public focus, making the (Israeli) directorate’s public statement of an attack something of an anomaly”.

The low profile of water companies when it comes to cybersecurity is surprising, given the significant damage a water supply attack could pose. According to Lesley Carhart, principal threat analyst at Dragos, “water has always been the one industry that is least resourced and the most capable of causing impact to life and safety”.

In order for Industrial Control System (ICS) attacks to be successful, adversaries need significant knowledge of the systems to plan an attack. These systems usually combine digital, analogue and mechanical programs and processes, including SCADA systems. However, the requirement for in-depth knowledge does not make them impervious to cyber-threats.

Strategic Approach Lacking

To highlight local vulnerability, Victoria alone has 19 state‐owned water authorities and a privately operated Victorian Desalination Plant (VDP). The May 2019 Security of Water Infrastructure Control Systems report by the Office of the Victorian Auditor General concluded that “water providers lack a strategic approach to managing cybersecurity risks that integrates their corporate and control system environments and aligns to leading industry security standards for control systems”.

The report states that although the audited water providers have improved their cybersecurity, the “evolving threat landscape requires water providers to now increase their focus on assessing and significantly strengthening their control system security”. Notably, it is believed that their control systems are vulnerable to the risk of a successful cyber-attack, “particularly by a trusted insider or an intruder breaching physical security and gaining unauthorised access”.

As there are currently no Victorian or Australian security standards specific to control systems[5], cybersecurity threats to water control systems can pose significant risks to public health and safety, the environment and business operations.

Ensuring that critical infrastructure providers have current, fit-for-purpose Business Continuity Plans, Disaster Recovery Plans and Emergency Management Plans in place is essential, particularly during periods of heightened risk.

Agilient consultants have the expertise and are available to assist executive teams in mitigating cyber risks. Contact us to discuss how we can help your business.

Author: Phillipa Lee, Agilient Consultant

Tweet
Share

General,  Security News business continuity plans,  critical infrastructure,  cyber attacks,  cyber threats,  cybersecurity,  government,  water processing plants

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2021 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692