In this post, elevenM’s Iain Lindsay-German and Jonathan Gadir assess the current strategic cyber threat environment and explore what critical infrastructure operators should do in response.
For several years now, elevenM has been closely tracking the increasing security threats to critical infrastructure and has observed how shifts in the geopolitical and strategic threat environment are contributing to the intensification of these threats.
Increasingly loud warnings from intelligence chiefs and security agencies confirm that malicious cyber activity is now part and parcel of the way global geopolitical tensions play out.
Clearly, there are implications for Australia’s critical infrastructure sector, with the Australian Cyber Security Centre (ACSC) describing the cyber threat to critical infrastructure operators as “an enduring concern”. Given that these operators manage many of our most essential services – like our ports, electricity grids and water supplies – an adverse impact to one or more of them can clearly damage both our national and economic security.
Australian critical infrastructure networks “regularly experience” both targeted and opportunistic malicious cyber-attacks, according to the ACSC’s most recent annual cyber threat report. An example of this came in July, when a China-backed cyber-espionage group was identified in a joint Five Eyes advisory as having targeted government and private sector networks in Australia.
The view from the US is equally troubling. According to a survey of 500 US critical infrastructure suppliers, more than half have experienced attempts to take control of their systems, while 40 percent have experienced attempts to shut down systems.
The ACSC expects activity targeting critical infrastructure to grow in size and complexity.
What are cyber actors trying to achieve by targeting critical infrastructure?
Attackers target critical infrastructure for several reasons. These include disrupting or degrading services, stealing or encrypting data for profit or other competitive advantage, and obtaining sensitive information in order to advance strategic aims.
A growing concern is the preparatory activity being carried out by state actors in anticipation of a future conflict. Australian Security Intelligence Organisation (ASIO) chief Mike Burgess expressed concern about this recently, when he warned of the potential for Australia’s adversaries to “pre-position malicious code” in critical infrastructure, particularly telecommunications and energy. An advisory from the Australian Government in February also described how state-sponsored cyber actors are seeking to “preposition themselves on IT networks” in order to carry out disruptive or destructive cyber-attacks against US critical infrastructure in the event of a major conflict with the US.
I’m a critical infrastructure operator – what should I do?
After ASIO recently announced that Australia’s national terrorism threat level had been raised from “Possible” to “Probable”, the Federal Government’s Cyber and Infrastructure Security Centre was prompted to note how “protests, disruptions and attacks can impact Australia’s critical infrastructure assets”. It urged critical infrastructure operators to ensure they were adopting “an all-hazards approach to their Critical Infrastructure Risk Management Program to mitigate against threats”.
Developing a Critical Infrastructure Risk Management Program is an obligation for critical infrastructure operators under the Security of Critical Infrastructure (SOCI) Act, passed in 2018 and further amended more recently in response to the growing targeting of infrastructure by cyber actors.
elevenM works with infrastructure operators on these obligations, and more broadly to help them develop comprehensive plans for managing security risks in a critical infrastructure context. We combine our knowledge of regulatory requirements and best-practice security frameworks with our understanding of the strategic threat environment (informed by our team’s experience across cyber security, intelligence, defence and counter-terrorism).
Broadly, our approach to assisting critical infrastructure organisations comprises activities including (but not limited to) understanding the specific threat for a given entity based on its industry and operations, developing “all hazards” risk management strategies, and building frameworks and methodologies to manage and mitigate those risks.
Contact us
If you’d like to know more about how to meet SOCI obligations or are seeking help developing risk management plans for your infrastructure entity, contact us at hello@elevenM.com.au or on 1300 003 922.