As you wake up in the morning, you finally convince yourself to leave the warmth and comfort of your bed, only because there is an equally warm shower waiting for you. You proceed with your daily routine, brewing yourself a hot coffee and walking to catch the bus into work. No thought goes into these conveniences provided to you and the critical infrastructure that facilitates them.
Food, water, health, communications, transportation and banking all have one thing in common - they all represent parts of Australia’s critical infrastructure. Critical infrastructure has become the backbone of a functioning society worldwide, not just within our homes. It underpins our Australian society and economy and is integral to the prosperity of the nation.
Now, take a moment to imagine if a cyber attack was to occur on just one of these critical infrastructure facilities. There would be no running water for your shower, no electricity to brew your morning coffee, or perhaps no bus to take you to work. National security risks to critical infrastructure are becoming increasingly complex and have continued to evolve over recent years. Rapid technological changes are taking place all the time, such as the introduction of Internet of Things (IoT) devices or more specific to critical infrastructure, Operational Technology (OT) devices. These devices introduce a growing number of threats to critical infrastructure systems and facilities as they become cyber connected.
Within Australia, the Critical Infrastructure Centre coordinates the management of the national security risks that face Australia’s critical infrastructure. The centre works with state and territory regulators to help identify and mitigate risks, primarily focusing on sabotage, espionage and coercion in the telecommunications, electricity, gas, water and ports sectors.
In addition, the Security of Critical Infrastructure Act 2018 assists in the management of these national security risks posed by foreign involvement in Australia’s critical infrastructure within the electricity, gas, water and ports sectors. The Act aligns with the government-business partnership approach, that underpins Australia’s Critical Infrastructure Resilience Strategy. It ensures that the Government has all the information necessary to conduct national security risk assessments, by introducing three measures:
- An asset register to provide the Government visibility of who owns and controls these assets, enabling better targeting of our risk assessments.
- The ability to obtain more detailed information from owners and operators of assets in certain circumstances to support the work of the Centre.
- The ability to intervene and issue directions in cases where there are significant national security concerns that cannot be addressed through other means.
Here at Alcorn Group, we have extensive and proven experience in providing various types of security assessments on facilities and infrastructure alike. As highlighted in one of our previous articles (which you can read about here), Alcorn Group has accumulated experience in conducting successful red team engagements on utility facilities which provide critical infrastructure to the local community. Alcorn Group also has the ability and skills required to conduct various types of infrastructure security assessments to assess the resilience of IoT and OT devices used in relation to critical infrastructure.
Whether it is through providing a thorough Red Team engagement, or by conducting an infrastructure security assessment, Alcorn Group is committed to accurately identifying risks and providing tailored remediation steps to assist in the protection of many government critical infrastructure facilities.
Get in touch with the Alcorn Group team to discuss how we have assisted organisations with the development of their cyber security resilience in the past, and how your organisation can benefit from these strategies.