It is hard for us in Australia to imagine the consequence of a cyber-attack: an extended loss of power or the failure of related systems such as ATMs, the internet and medical equipment; the failure of public transportation systems; water treatment plants being non-functional; or a lack of food at the supermarkets due to the malfunction of food distribution systems, but this could be consequence of an attack on our critical infrastructure.
In 2020 the Australian national Cyber Security strategy was announced and will invest A$1.67 billion over 10 years to fund and protect Australia. Key aspects of the 2020 Australian Cyber Security includes:
- Protecting and actively defending Australia’s critical infrastructure including defining Cyber Security obligations for owners and operators;
- New ways to investigate and shut down Cyber Crime, including on the dark web;
- Stronger defences of Australian Government networks and data;
- Greater collaboration to build Australia’s Cyber skills pipeline;
- Increased situational awareness and improved sharing of threat information;
- Stronger partnerships with industry through the Joint Cyber Security Centre program;
- Clear guidance for businesses and consumers about securing Internet of Things devices;
- Improved community awareness of Cyber security threats.
Australia is emerging from the global COVID-19 pandemic sooner and at less economic cost than widely expected. But the COVID-19 pandemic has highlighted some new (in some cases temporary) security concerns for Australia’s Critical Infrastructure.
The COVID-19 situation has brought new security risks to Australia’s Critical infrastructure:
COVID-19 Vaccine Hacker Incident - Suspected North Korean hackers tried to break into the systems of British drug maker Oxford / AstraZeneca in 2020. The hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers. The hacker then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer. The connection to Australia is that Australia will produce 50 million dosages of the Oxford / Astra Zeneca vaccine. The Commonwealth Serum Laboratories will manufacture these doses in Australia on behalf of Astra Zeneca and therefore their operations could become a possible target for Cyber attackers and any attack would have an impact on Australia’s vaccine production;
Cyber Attacks on age care facilities and hospitals (including public health laboratories) – the Australian government has raised concerns about recent ransomware campaigns in 2020 targeting the aged care and the healthcare sectors. Cybercriminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks. This is because of the sensitive personal and medical information they hold and how critical this information is to maintaining operations and patient care. Since the COVID-19 Pandemic we have seen increased ransomware attacks against hospital and aged care facilities.
COVID-19 Vaccine Distribution Cyber Attacks - IBM have identified national malicious Cyber actors targeting the COVID-19 cold chain, an integral part of delivering and storing a vaccine at safe temperatures. The attackers impersonate biomedical companies to sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have been posed as requests for quotations for participation in a vaccine program. These attacks have not occurred in Australia yet but there is the potential as the Australian national vaccination program continues that these types of Cyber attacks could occur in Australia and cause mayhem on the Australian national COVID-19 vaccine rollout.
Australia has taken major steps in the protection of its national critical infrastructure and dealing with Cyber Security issues at a national level. We have seen that the COVID-19 situation has brought new challenges to Australia in terms of direct threats upon Australia’s existing critical infrastructure as well as Australia’s new emerging critical infrastructures,
Professor Warren discusses Australia’s twenty-year history of critical infrastructure protection and the future challenges that Australia faces in an invited paper in the forthcoming special edition of the Journal of Information Warfare celebrating its twentieth year.
Author: Professor Matt Warren
Matt Warren is a researcher in the areas of Cyber Security and Computer Ethics and a Professor of Cyber Security here at RMIT University.
Matt Warren also is the Director of RMIT's Centre for Cyber Security Research and Innovation.
Want to know more? Why not register for our upcoming webinar series - "Keeping Australia Cyber Secure in 2021"? The first webinar will centre on the topic of Critical Infrastructure. Find out more here.