ACSC publishes cyber advice for critical infrastructure
The Australian Cyber Security Centre (ACSC) has published advice for critical infrastructure providers aimed at helping protect against cyber attacks during the COVID-19 pandemic.
The new guidance includes advice on technical controls that organisations can use to respond to challenges associated with COVID-19, and to support the unprecedented number of people working from home.
The guidelines also include specific advice for infrastructure operations, including a recommendation to establish a secondary or tertiary operations control room that may offer better security controls than home or remote access.
The ACSC also recommends implementing a technical control that requires two communications ‘jumps’ to reach the operations environment, combined with additional controls including unique accounts, passphrases and multi-factor authentication.
The agency has also urged critical infrastructure providers to maintain a detailed logical diagram of the operations network, and to formulate a rapid disconnect plan that can be deployed quickly at any time if malicious activity is identified.
ACSC Head Abigail Bradshaw said the agency is continuing to see attempts to compromise Australia’s critical infrastructure amid the pandemic. “It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis,” she said.
“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians. If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”
She said decisions by many critical infrastructure operators to enable remote access to sensitive operational technology can create cybersecurity risks that malicious actors are actively working to exploit.
“Securing Australia’s critical infrastructure, and systems that control our essential services, is a major priority for the Australian Cyber Security Centre and our partners in the sector,” Bradshaw said.