Modern Australian
The Times

Cyber attacks can shut down critical infrastructure. It's time to make cyber security compulsory

  • Written by Richard Oloruntoba, Associate Professor of Supply Chain Management & Supply Chain Management Lead, Curtin University

On May 7, a pipeline system carrying almost half the fuel used on the east coast of the United States was crippled by a major cyber attack. The five-day shutdown of the Colonial Pipeline resulted in widespread fuel shortages and panic-buying as Virginia, North Carolina and Florida declared a state of emergency.

The attack highlights how vulnerable critical infrastructure such as fuel pipelines are in an era of growing cyber security threats. In Australia, we believe the time has come to make it compulsory for critical infrastructure companies to implement serious cyber security measures.

Collateral damage

The risk of cyber attacks on critical infrastructure is not new. In the wake of the events of September 11, 2001, research demonstrated the need to address global security risks as we analysed issues of vulnerability and critical infrastructure protection. We also proposed systems to ensure security in critical supply chain infrastructure such as seaports and practices including container shipping management.

The rise of “ransomware” attacks, in which attackers seize important data from an organisation’s systems and demand a ransom for its return, has heightened the risk. These attacks may have unintended consequences.

Read more: Colonial Pipeline forked over $4.4M to end cyberattack – but is paying a ransom ever the ethical thing to do?

Evidence suggests the Colonial shutdown was the result of such an attack, targeting its data. It appears the company shut down the pipeline network and some other operations to prevent the malicious software from spreading. This resulted in a cascade of unintended society-wide effects and collateral damage.

Indeed, the attackers may have been surprised by the extent of the damage they caused, and now appear to have shut down their own operations.

Cyber attacks can shut down critical infrastructure. It's time to make cyber security compulsory The Colonial Pipeline attack led to fuel shortages across the eastern United States. Will Oliver / EPA

We have seen how critical supply chain infrastructure can be severely disrupted as collateral damage. We must consider how severe the fallout might be from a direct attack.

The events in the US also raise another important question: how vulnerable is our critical supply chain infrastructure in Australia?

Critical infrastructure is an attractive target

Australian society is dependent on many international and domestic supply chains. These are underpinned by critical supply chain infrastructure that is often managed by advanced and interlinked information and communication systems. This makes them attractive targets for cyber attackers.

Cyber risk frameworks are often derived from traditional risk management approaches, addressing issues of a potential cyber attack as routine conventional risk. These risk management approaches weigh up the costs of preventing a cyber attack against the costs and probability of a breach.

In some industries, this assessment will factor in the cost of a lost customer base who may never return. However, providers of critical services such as transportation, medical care, electricity, water, and food see little risk of losing customers.

After the Colonial incident, customers trooped back to petrol stations as soon as they could and went on buying fuel. Thus, critical industries may perceive less cost from a breach than companies in other industries because their customers will return.

Time for compliance

Australia’s national efforts in cyber security are coordinated by the Australian Cyber Security Centre (ACSC) under the auspices of the Australian Signals Directorate. The ACSC works with public and private sector organisations to share information about threats and guidance on best practices for security.

ACSC documents such as the Essential Eight provide guidance for organisations on baseline security measures. These are supplemented by more comprehensive resources including the Australian Government Information Security Manual.

However, our research has shown the best practices are not universally followed, even by the Australian government’s own websites.

Read more: The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a 'wicked' problem

Lack of knowledge is not the problem. Security best practices are generally well understood and documented by the ACSC. The ACSC also provides specific guidance for critical sectors and industries, such as a security framework developed for the energy sector.

The challenge here is that these are guidelines only. Companies can choose whether to follow them or not.

What Australia needs is a cyber security compliance program. This would mean making it compulsory for companies that manage critical infrastructure such as ports or pipelines to follow some kind of rules.

A first step might be to demand these companies comply with the existing guidelines, and require certification of a baseline of cyber security.

Lessons from the United States

The US government responded to the Colonial cyber attack with an executive order to improve cyber security and federal government networks. The order proposes a raft of measures to modernise standards and improve information sharing and reporting requirements. These are valuable measures, many of which are already within the scope of the existing duties of Australia’s ACSC.

Another measure in the US order is the establishment of an independent Cyber Safety Review Board. Australia could likewise establish a partnership between government and industry to oversee cyber security. A similar body already regulates aviation: the Civil Aviation Safety Authority.

Read more: Australia is facing a looming cyber emergency, and we don't have the high-tech workforce to counter it

Such an organisation would provide robust analysis and reporting of cyber incidents. It would also share information with information technology managers, software and hardware developers, public administrators, crisis managers, and others.

Cyber security threats create high levels of uncertainty for the public and private sector. Attacks that disrupt critical supply chain infrastructure have widespread impacts on society and trade.

A cyber security compliance program may be financially costly, but would be a worthwhile investment given the societal impact of a successful cyber attack.

Authors: Richard Oloruntoba, Associate Professor of Supply Chain Management & Supply Chain Management Lead, Curtin University

Read more https://theconversation.com/cyber-attacks-can-shut-down-critical-infrastructure-its-time-to-make-cyber-security-compulsory-160991

Plantation Shutters vs Curtains: Which Is Better for Your New Home?

Moving into a new home is an exciting opportunity to personalise your space and make it your own. While many homeowners focus on furniture, flooring...

Celebration of Life vs Traditional Funeral: What's the Difference?

When saying goodbye to someone you love, there is no single way to honour their life. Every family has different traditions, beliefs, and preference...

Building Approval for Roofing Projects: What Homeowners Need to Know

Roofing projects are an important part of maintaining and protecting your home. Whether you're repairing storm damage, replacing an ageing roof, or ...

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...

Hoteliers Look to Clever Value Adds to Increase Revenue

The Australian hospitality industry is still in recovery mode after a notoriously rough patch in recent years. While there has been a post-COVID tra...

Moving to Queensland? Here’s How to Prep Your Car for the Big Move North

There’s no sign of the northern migration slowing down, with thousands of southerners fleeing from chaotic lifestyles and cooler climates for a brig...

Diesel Shortage to Impact Trades and Contractors

Strait of Hormuz blockage affecting all major parts of trades and construction Trades and construction across residential, commercial and industria...

Why Holiday Home Owners Turn to Rental Management Agents

The Allure — and the Reality — of Renting Out Your Property Owning a holiday home is a dream for many Australians. Whether it's a beachside sha...

Why Finding Reliable Doctors In Bundoora Is Important For Long-Term Health

Access to quality healthcare plays an important role in maintaining overall wellbeing and managing health concerns early. Trusted Doctors in Bundoor...

Understanding the Different Types of Car Services: Minor vs Major

When it comes to car maintenance, one of the most important things every vehicle owner should understand is the difference between a minor and a maj...

How Superannuation and TPD Insurance Work Together

Superannuation is an essential part of financial planning in Australia. It is designed to provide individuals with income during retirement, helping...