Prepare for cyber attacks on infrastructure

More steps are needed to protect critical infrastructure from cyber attack, says Dr Elena Sitnikova, Associate Professor of Cybersecurity and Networking, at Flinders University.

Associate Professor Elena Sitnikova.

Associate Professor Sitnikova was reflecting on the creation of Australia’s first standalone Cyber Security Act, one of the seven key initiatives introduced under the 2023–2030 Cyber Security Strategy to protect Australians from cyber threats.

Hostile cyber attacks could target critical infrastructure causing widespread outages in power, water, transport, healthcare and other major services.

“The Australian Government also recognised the necessity of the critical infrastructure protection and introduced the Security of Critical Infrastructure Act 2018,” she says.

“It is vital to look for new ways to defend our nation’s critical infrastructures from the potentially catastrophic destruction of essential services from what are now inevitable cyber-attacks, incidents and disruptions.

“All-too-common data breaches by overseas cyber criminals, as well as recent incidents involving other critical infrastructure such as Australia’s port system, demonstrate how vital it is for Australia to have a robust Protective Security Policy (PSP) and for industries to follow the Australian Government Department of Home Affairs’ recommendations for implementation of the PSP Framework (PSPF).”

However, even when organisations comply with legislation, guidelines and frameworks, there are still many challenges to adopting risk-based approaches to defending critical operations and their complex settings, she says.

“Criminals are capable not only of physical attacks on infrastructure but can also use digital assaults, such as using hardware backdoors to release malware and denial-of-service attacks, or attack the processes targeting the human-in-the-loop.

“Digital interconnectedness has revolutionised how we explore and use data from diverse sources, but this creates huge risks. The massive level of connectivity between control devices and machines increases the possibility of unpredictable, multi-system, catastrophic failures if even a single device connected to the network is compromised.

“The priority is shifting to protective security that minimises the potential for damage to operations/systems, so work must continue on protecting Australia’s critical infrastructure and its sovereign capabilities.

Defending critical systems poses special challenges as many have been in place for decades, and therefore include what we call ‘legacy systems’ alongside the integration of new IIoT (Industrial Internet of Things) devices, making these critical systems more vulnerable to attack.”

Posted in
College of Science and Engineering International News Research Teaching and learning