ACSC publishes cyber advice for critical infrastructure
The Australian Cyber Security Centre (ACSC) has published advice for critical infrastructure providers aimed at helping protect against cyber attacks during the COVID-19 pandemic.
The new guidance includes advice on technical controls that organisations can use to respond to challenges associated with COVID-19, and to support the unprecedented number of people working from home.
The guidelines also include specific advice for infrastructure operations including recommending the establishment of a secondary or tertiary operations control room that may offer better security controls than home or remote access.
Meanwhile, the ACSC is recommending implementing a technical control requiring two communications ‘jumps’ to reach the operations environment, combined with additional controls including unique accounts, passphrases and multi-factor authentication.
The agency has also urged critical infrastructure providers to maintain a detailed logical diagram of the operations network, and to formulate a rapid disconnect plan that can be deployed quickly at any time if malicious activity is identified.
ACSC Head Abigail Bradshaw said the agency is continuing to see attempts to compromise Australia’s critical infrastructure amid the pandemic. “It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis," she said.
“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians. If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”
She said decisions by many critical infrastructure operators to enable remote access to sensitive operational technology can create cybersecurity risks that malicious actors are actively working to exploit.
“Securing Australia’s critical infrastructure, and systems that control our essential services, is a major priority for the Australian Cyber Security Centre and our partners in the sector,” Bradshaw said.
The global challenge of achieving cyber resilience
There are many challenges to achieving cyber resilience, but topping the list for many...
Security maturity is hard and the pace of change is hurting
NSW agencies recently slipped in their security maturity. The whole of the public sector in...
Protecting Australian communities with intelligent automation
As Australia’s population continues to grow, smart monitoring and surveillance systems can...