Cyberwarfare ‘here to stay’ as threat to critical infrastructure

Russia’s invasion of Ukraine shows that cyberwarfare is a factor that must be taken into account in future cyber security strategies, a forum has heard.

Gijo Varghese

The CEDA forum, held on Tuesday as a lead-up to its State of the Nation conference next month, examined some of the critical issues facing policy makers as the government aims to establish Australia as a leading digital nation.

The passage of the Security of Critical Infrastructure Bill has imposed new security obligations on owners and operators of critical infrastructure, Australia’s has its first cyber security cabinet minister and the National Cyber Security Strategy is set to be updated.

Against this backdrop there’s been an increasing number of cybercrime reports, CEDA says, with one in four now affecting critical infrastructure like health, electricity, water and transport.

New geopolitical threats

Gijo Varghese,  head of information security and cyber resilience at electrical distribution network operator Endeavour Energy, said the war in Ukraine shows that cyberwar is here to stay, with Russia launching cyber attacks on networks, telecommunications, nuclear stations and hospitals.

“If you look at the geopolitical threat environment, specifically with the Russian invasion of Ukraine, cyberwarfare is here to stay,” Mr Varghese said.

Previously, cyber attacks took the form of a ‘proxy war’ to show strategic power or disseminate disinformation.

“This is probably the first recorded invasion where there was digital fighting before the kinetic fighting,” he said.

When the Russian invasion was occurring we saw a flurry of activity on the internet, specifically a lot of reconnaisance on our border systems

Gijo Varghese

Australia hasn’t been immune from state sponsored attacks, Mr Varghese said.

“When the Prime Minister makes a statement that isn’t accepted by high risk countries, we see scanning and reconnaissance happening in our parameter,” he said.

“When the Russian invasion was occurring we saw a flurry of activity on the internet, specifically a lot of reconnaissance on our border systems.”

New threat actors

Mr Varghese said the changing cyber threat landscape is also seeing new industry verticals being targeted, such as research companies and pharma.

“What we’ve seen is sophisticated attacks on research institutions who were developing vaccines to get a competitive advantage,” he said.

Meanwhile, there’s a diverse gallery of threat actors, from state sponsored attackers to petty criminals targeting businesses, to kids and people who lost their jobs during covid getting up to mischief during lockdown.

There’s a need for Australia to build a … capability to monitor the threat environment and build an effective intelligence capability

All this means is that government needs to view cybersecurity as more than an IT issue, Mr Varghese said.

“There’s a need for Australia to build a … capability to monitor the threat environment and build an effective intelligence capability,” he said.

“They need to be able and carry out incidence response to small business and critical infrastructure equally.”

Domestic cyber security

At home the threat landscape is also evolving. Rosemary Sinclair is the CEO of AuDA, the commonwealth government-endorsed authority that maintains the .au country code.

Rosemary Sinclair

The pandemic saw more than 200,000 aust small business jump into the domain name system, Ms Sinclair said, and with that there’s been an increase in the hacking of small business websites and domain abuse for phishing and malware attacks.

Of 3.6 million registered .au domain names, 0.04 per cent were causing domain abuse problems – which still compared favourably to 0.3 per cent of global domains.

Cyber attacks continue to become  more complex and multi dimensional, Mr Varghese said, with targeted phishing attacks and supply chain attacks two of the biggest challenges.

He said according to global security surveys, supply chain attacks were increasing 430 per cent a year, with attackers turning to ‘soft’ targets like third party tech services and software vendors.

The recent explosion of ‘hyper connectivity’ was another challenge, Mr Varghese said, with information and operational networks converging to create a broader attack surface.

Multi-stakeholder model

Ms Sinclair said going forward Australia needs to view itself as part of an international network and build relationships with other trusted stakeholders in the front against cyber crime.

She  said auDA advocates the so-called multi-stakeholder model of internet governance, with government, the private sector, civil society and tech and economic specialists working together.

Mr Varghese said there also needs to be more collaboration between ACSC and other peak cyber security organisations across the UK, US and and NZ.

“There’s a need for exchanging threat intelligence … and collaboration across (domestic) borders as well as international,” he said.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required