The Australian Cyber Security Centre (ACSC) has produced advice to help critical infrastructure providers protect themselves from cyber attack as key staff work remotely during the COVID-19 pandemic.
Head of ACSC, Abigail Bradshaw said critical infrastructure facilities such as power and water distribution networks, as well as transport and communications grids, were potential targets for malicious cyber adversaries in Australia and elsewhere.
“Securing Australia’s critical infrastructure, and systems that control our essential services, is a major priority for the Australian Cyber Security Centre and our partners in the sector,” Ms Bradshaw said.
“We are continuing to see attempts to compromise Australia’s critical infrastructure.
“It is reprehensible that cyber criminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis.
“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians.
“If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”
Ms Bradshaw said many critical infrastructure operators were making decisions on how to safely keep businesses running while allowing access to sensitive operational technology assets by staff working remotely.
She said those staff would usually be located in control rooms or worksites protected by effective cyber and physical security barriers that restricted outside access.
She said working from home could create cyber security risks that malicious actors were trying to exploit.
Ms Bradshaw said the ACSC advice provided guidance on technical controls that organisations could use to respond to challenges associated with COVID-19, as well as to support operations staff working remotely, some for the first time.
The guidance, COVID-19 – Remote Access to Operational Technology Environments, outlined general cyber security practices for remote working, as well as specific advice for infrastructure operations, she said.
The ACSC advice can be accessed at this PS News link.
