ACSC publishes cyber advice for critical infrastructure
The Australian Cyber Security Centre (ACSC) has published advice for critical infrastructure providers aimed at helping protect against cyber attacks during the COVID-19 pandemic.
The new guidance includes advice on technical controls that organisations can use to respond to challenges associated with COVID-19, and to support the unprecedented number of people working from home.
The guidelines also include specific advice for infrastructure operations including recommending the establishment of a secondary or tertiary operations control room that may offer better security controls than home or remote access.
Meanwhile, the ACSC is recommending implementing a technical control requiring two communications ‘jumps’ to reach the operations environment, combined with additional controls including unique accounts, passphrases and multi-factor authentication.
The agency has also urged critical infrastructure providers to maintain a detailed logical diagram of the operations network, and to formulate a rapid disconnect plan that can be deployed quickly at any time if malicious activity is identified.
ACSC Head Abigail Bradshaw said the agency is continuing to see attempts to compromise Australia’s critical infrastructure amid the pandemic. “It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis," she said.
“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians. If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”
She said decisions by many critical infrastructure operators to enable remote access to sensitive operational technology can create cybersecurity risks that malicious actors are actively working to exploit.
“Securing Australia’s critical infrastructure, and systems that control our essential services, is a major priority for the Australian Cyber Security Centre and our partners in the sector,” Bradshaw said.
The machine identity gap putting public sector data at risk
While there is an increased focus on AI and secure data access, many agencies still lack a...
Access management remains a major problem at many Australian councils
As AI starts to be used more widely in the local government sector, further granularity around...
Australia's next Budget must treat cyber resilience as essential infrastructure
The federal Budget needs to make cyber resilience a core investment priority across AI...
