Digital landmines laid as enemies prepare future cyber attacks
Australia’s critical infrastructure is under serious threat from foreign interference, espionage.
Australia’s critical infrastructure is under serious threat from foreign interference and espionage, with fears that digital landmines have already been laid in government systems by foreign adversaries in preparation for a future attack.
In its first annual risk review, the newly formed Cyber and Infrastructure Security Centre (CISC) has warned that vulnerable targets including mining companies, healthcare, hospitals and energy systems are exposed, with foreign interference marked as a higher threat to national security than terrorism.
Department of Home Affairs deputy secretary Hamish Hansford told The Australian the nation’s infrastructure was under threat on a “day to day” basis, and was an “enduring target of interest” for bad actors through maliciously hidden code in infrastructure such as power, communications and water supply facilities.
“The pre-positioning of malicious code in infrastructure would be of significant concern, and so the risk mitigant to that is to make sure that companies and government have the protections in place to be able to detect it, and to thwart those attacks,” Mr Hansford said.
“Pre-positioning for any impact either to obtain information or to prepare for a future event would be of concern,” he said.
CISC was founded last year with the objective of leading industry partnerships and supporting the implementation of the nation’s cyber security strategy.
The CISC report does not identify any particular nation as a threat, and Mr Hansford would not be drawn on who was behind the sophisticated attacks seen to date, but China has been at the forefront of Australia’s cyber security concerns.
Telecommunications provider Huawei was prohibited in 2018 from taking part in the rollout of 5G telecommunication infrastructure in Australia on national security grounds, over concerns the Chinese government had hidden “backdoor” access in the company’s systems.
The CISC review noted that trusted insiders could deliberately disclose sensitive information to third parties, manipulate systems and networks to cause harm, or be recruited by foreign intelligence services.
“Dark web job adverts targeting ‘disgruntled employees’ are being used as a recruitment tool as more threat actors look to exploit insider access,” the review said.
The report found that Australia remains vulnerable to international supply chain disruption and single source supply for critical components and services, warning critical infrastructure providers need to “develop adaptive supply chain resilience plans, driven by risk analysis, to withstand disruption to global supply chain networks”.
“Australia’s critical infrastructure sectors are deeply interconnected; significant disruption in one sector will affect other sectors,” the review states.
Mr Hansford said there were attacks ranging from “routine scanning” to sophisticated, targeted attacks on critical infrastructure.
“If you view Australian critical infrastructure as a series of networks and systems, they are able to be attacked through a whole range of different ways,” he said.
In the last financial year 188 successful cyber incidents were reported against critical infrastructure, but Mr Hansford says Australia had not yet had a “catastrophic” attack.
“When you look internationally, some of the closest attacks were like Colonial Pipeline, an attack on a pipeline in America, which then had cascading impacts across the economy,” he said.
That attack led to the US government issuing an emergency declaration for 17 states to keep fuel supply lines open, and was only resolved when the company paid a $4.4 million ransom to the hacker group responsible.
“We’ve had a lot of data breaches in Australia, which have been impactful for Australian citizens and Australians generally, but we haven’t had a catastrophic cyber incident, but that’s our job to prepare every day to make sure that industry and government can respond to such an attack of that nature.”
While Mr Hansford would not speculate on the state actors behind the sophisticated attacks against Australia, cyber security expert Robert Potter, industry partner of the US-led Counter-Ransomware Initiative - whose Australian arm is led by the Home Affairs department - said China, Russia, Iran and North Korea were predominantly behind cyber attacks.
Mr Potter said he believed pre-infected devices manufactured in China were already deployed and lying dormant in government systems and critical infrastructure.
“There would be digital landmines sitting in Australian critical infrastructure unfound and unresolved at this point,” Mr Potter said.
“In some worst case scenarios it could have a really significant impact on a critical infrastructure that could start switching things off that we really need to keep on,” he said.
“At the beginning of the 2014 conflict between Russia and Ukraine, Russia successfully switched off significant chunks of Ukraine’s energy systems using a cyber attack.”
“There would be pre-infected devices manufactured in China that are deployed on government systems and critical infrastructure that haven’t been turned off or found yet.”
China has national security legislation allowing its government to force Chinese companies to change code bases and install backdoors in software and hardware.
“We’ve seen them do it in the past by putting latent code in certain companies, and that’s why some have been banned by the Department of Home Affairs over the past few years,” Mr Potter said.
“Concerns around that were pretty important as to why Huawei was banned and so pushing in that direction is exactly why the government’s concerned about it - because the Chinese have a history of exploiting their industrial base for their espionage purposes,” Mr Potter said. “China has sought every advantage to control the critical infrastructure of partners and potential enemies using its technology.”
Mr Potter also warned that many of the systems behind Australia’s critical infrastructure were “built in quite insecure ways”.
“Everything you would traditionally lock offline during an actual military conflict is in scope for cyber ops,” he said.
“There’s a lot of immature areas of Australian critical infrastructure, some really bad - healthcare, probably the worst.
“If you’re running a small local hospital, you’re part of the critical infrastructure space, but you’re just not going to be as mature as a bank.
“And you’ve got a lot of old medical technology that’s almost impossible to make secure, some of this stuff has to run on Windows 95, because it was the last supported version, so you’ve got really old tech running on really vulnerable technology, and it’s really hard to make it secure.”
Those behind the attacks were large Chinese espionage-affiliated cyber gangs, he said.
“Their job is to infiltrate targets of interest to the Chinese government, they’re big, they’ve hit us repeatedly, they’ve had success hitting us repeatedly, they’re good at it,” he said.
He said ransomware gangs in Russia have shown an increasing interest in Australia’s critical infrastructure space.
“We’ve seen Russian threat actors increasingly focusing their targets on people who give aid to Ukraine.
“And then there are criminal groups that are increasingly seeing the opportunity to attack our critical infrastructure as a way to make lots of money because it just increases the power of their ransom,” he said.