Our infrastructure needs cyber protection
As Australia’s energy infrastructure becomes smarter and more connected, it becomes a more tempting target to threat actors that want to cause disruption.
Australia’s smart infrastructure should be celebrated but we need to protect it from cyber attacks
Quietly, Australia’s renewable energy sector has provided a steady stream of positive news. Recently, renewable energy accounted for a record 50.4 per cent of national output. The growth of solar, hydro and wind energy has also been driving a jobs boom, with a 30 per cent nationwide increase in sector employment between 2018 and 2019. According to data from the Australian Bureau of Statistics, home-installed solar options are thriving, an indication that Australians are considering future-proofing their energy needs.
Even before the COVID-19 crisis, Australia was striving towards a more diversified, greener and smarter energy supply. However, the pandemic has prodded Australians to take action in becoming more self-sufficient as they spend more time at home and this has accelerated the switch to solar energy.
As our infrastructure becomes smarter and more connected, it becomes a more tempting target to threat actors that want to cause disruption. Smart grids effectively use computer systems and networks to act as glue between infrastructure components and these provide routes for hackers to get into the grid. Likewise, poorly-secured transmitters and other electronics that control energy systems offer easy physical access for hackers to move through to IT networks, including personal home networks.
While Australia has no reason to believe that a malicious actor will imminently disable our power grids, an attack of this nature isn’t unrealistic. There are any number of reasons that may motivate groups or individuals to target our infrastructure. Currently, there are 21 coal-fired power plants in Australia and, aside from nation-states, these make tempting targets for disgruntled individuals, climate activists or bad actors. These plants are now connected, through smart technologies in our national grid, to thousands of other generation systems, including personal solar panels on people’s homes. The convergence of Operational Technology (OT) with smart devices and IT networks is increasing what cyber experts term ‘the attack surface’ and makes the power grid more vulnerable to exploitation.
This convergence between old and new technology is exposing formerly isolated OT networks to threats their designers never would have imagined. In February, a ransomware attack against a US gas pipeline operator brought down their pipeline for two days. The attack happened because the adversary was able to hop from the operatorsIT network onto the OT network when an employee mistakenly clicked on a malicious email link. The fact is that many organisations don’t understand where they’re vulnerable because they lack an understanding of the intricacies of how their systems are interconnected.
Clearly, traditional methods for protecting infrastructure technology are no longer sufficient: Security teams have traditionally relied on physically separating OT systems from IT networks – a process known as ‘air gapping’ – these air gaps no longer exist.
In addition, similarly to IT technology in businesses, OT systems grow and change and as time passes and people move on, things get lost. As Australia’s infrastructure grows and becomes more decentralised, it will be even tougher to keep track of every component inside and outside of operational technology environments, resulting in unknown assets exposing operators to unknown risks. Furthermore, when we consider the growth of home-based renewables, who will keep these intelligent, decentralised systems up-to-date? Will this burden fall onto the households themselves?
In order to ensure Australia’s lights stay on and to keep the public safe, organisations need to take the lead on mapping their entire network in order to understand what assets they have, how they are exposed, and to what extent. In this digitally-connected era, we are right to demand more of our infrastructure. However, to celebrate the benefits it brings cybersecurity must be considered a fundamental component, rather than an afterthought.
Dick Bussiere is Technical Director, APAC, Tenable
Why that Valentine’s Day gift might head back to the shop
Australians returned more than $11m in gifts, or 88,600 items, in the fortnight after Christmas and it could be down to people cashing in what they can to make ends meet, a data collector says.
CEO still MIA as Richard White is back with a vengeance
WiseTech says it is progressing with its search for a new chief, as Richard White wastes no time settling into his new $1m a year consulting role at the company he took some brief leave from.