The risk of cyber-attacks is a growing problem, as monitoring and control of core Australian infrastructures becomes more complex.
With Australia’s utility operators more susceptible to cyber-attacks than ever, there could be widespread disruption across the nation.
On Tuesday the 24th of July, in Sydney, a panel of experts talked about how companies can manage the risk of cyber-attacks.
Frost and Sullivan industry director Ivan Fernandez said there was a rapidly increasing attack surface for cybercriminals.
“Infrastructures which, until now, have operated in isolation are being connected in ways never before imagined,” he said.
For electricity generators and distributors, complexity is being created by the growing number of small producers feeding power into the grid.
The output from wind farms and solar arrays must be carefully monitored and controlled to ensure they do not have a detrimental impact on stability, but this control may well be the subject of cyber-attacks.
In the electricity sector, the growth of renewable generation was changing the game for providers, said Fernandez.
About 700 megawatts of renewable generation capacity was brought online in Australia during 2017 and even more was being rolled out this year, he said.
“In addition, the mainstreaming of smart meters opens up more security issues that will need to be addressed,” said Fernandez.
Water providers were increasingly shifting to decentralised treatment plants, more complex recycling and resource-recovery systems, and smart water meters – all of which required increasing levels of connectivity for monitoring and control, he said.
Indra solutions manager Giovanni Polizzi said the challenge of implementing effective security was becoming even greater with the emergence of the Internet of Things (IoT).
“You have a growing number of devices across the utility infrastructure that have never before been connected to the internet. This may create security issues as it opens new opportunities for cybercriminals to launch attacks,” he said.
CQR Consulting chief technology officer Phil Kernick said cybersecurity challenges needed to be addressed immediately.
“Overall, security in this area is not being done well right now. It tends to be managed by control engineers who have limited experience in the area.”
Zscaler Asia Pacific and Japan vice president Scott Robertson said while the challenge could appear daunting, tackling the issue of cybersecurity didn’t have to be a difficult process for utility companies.
“We are certainly not saying that they have to triple their spending on security measures. Tools already exist that allow preventative measures to be put in place quickly and effectively. It’s a matter of establishing where the threats exist and selecting the best tools for the job.”