Blog entry by Les Bell

The Australian Department of Home Affairs and the Cyber and Infrastructure Security Centre have released the first Critical Infrastructure Annual Risk Review, to mark Critical Infrastructure Security Month.

The review found that foreign interference and espionage are principal threats to Australia's infrastructure, with foreign actors seeking everything from critical research and intelligence to details on production and service levels.

However, the review also pointed out that trusted insiders pose a significant threat to the critical infrastructure sector, since they can deliberately - or accidentally - disclose sensitive information to third parties, manipulate systems and networks to cause damage, or be recruited by foreign intelligence services. Dark web job ads targeting disgruntled employees are used as a recruitment tool, and also as a vector for delivering malware via trojaned application forms.

The report also pointed to the effectiveness of cyber attacks such as the 2021 Colonial Pipeline incident, which started as a ransomware attack on corporate systems but led to a decision to shut down operational technology systems in order to mitigate cross-system compromise.

The 31-page report has short chapters on critical infrastructure risk and regulation, sector interdependencies, cyber/infosecurity, supply chain threats, physical threats, natural hazards and personnel risks. It concludes with a short section which looks to the future.

Industry Partnerships Branch, Department of Home Affairs, Critical Infrastructure Annual Risk Review, November 2023. Available online at https://www.cisc.gov.au/resources-contact-information-subsite/Documents/critical-infrastructure-annual-risk-review-first-edition-2023.pdf.


About this Blog

I produce this blog while updating the course notes for various courses. Links within a story mostly lead to further details in those course notes, and will only be accessible if you are enrolled in the corresponding course. This is a shallow ploy to encourage ongoing study by our students. However, each item ends with a link to the original source.

These blog posts are collected at https://www.lesbell.com.au/blog/index.php?user=3. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

TLP:CLEAR. Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.