ACSC publishes cyber advice for critical infrastructure


By Dylan Bushell-Embling
Tuesday, 26 May, 2020


ACSC publishes cyber advice for critical infrastructure

The Australian Cyber Security Centre (ACSC) has published advice for critical infrastructure providers aimed at helping protect against cyber attacks during the COVID-19 pandemic.

The new guidance includes advice on technical controls that organisations can use to respond to challenges associated with COVID-19, and to support the unprecedented number of people working from home.

The guidelines also include specific advice for infrastructure operations including recommending the establishment of a secondary or tertiary operations control room that may offer better security controls than home or remote access.

Meanwhile, the ACSC is recommending implementing a technical control requiring two communications ‘jumps’ to reach the operations environment, combined with additional controls including unique accounts, passphrases and multi-factor authentication.

The agency has also urged critical infrastructure providers to maintain a detailed logical diagram of the operations network, and to formulate a rapid disconnect plan that can be deployed quickly at any time if malicious activity is identified.

ACSC Head Abigail Bradshaw said the agency is continuing to see attempts to compromise Australia’s critical infrastructure amid the pandemic. “It is reprehensible that cybercriminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis," she said.

“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians. If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”

She said decisions by many critical infrastructure operators to enable remote access to sensitive operational technology can create cybersecurity risks that malicious actors are actively working to exploit.

“Securing Australia’s critical infrastructure, and systems that control our essential services, is a major priority for the Australian Cyber Security Centre and our partners in the sector,” Bradshaw said.

Image credit: ©stock.adobe.com/au/Yuttana Studio

Related Articles

Adapting to new cybersecurity challenges: a roadmap for Australian government agencies

Given the rise in cyber threats against government networks and critical infrastructure sectors,...

Growing fraud trends in Australian health care

As the healthcare landscape evolves, so do the methods of fraud.

Overcoming the top cybersecurity challenges faced by public agencies

With a new cybersecurity strategy out and the right approach to key challenges, the public sector...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd