Energy sector most targeted for cyber attacks

cyber security

The energy sector was hit the hardest by cyber attacks last year, according to the latest data released by the Australian Cyber Security Centre (ACSC).

The ACSC 2016 Threat Report found that between July 2015 and June 2016, cyber emergency response body CERT Australia, responded to 14,804 cyber security incidents affecting Australian businesses.

Of the 14,804 incidents, 418 involved systems of national interest and critical infrastructure. Eighteen per cent of those incidents targeted the energy industry.

“In CERT Australia’s experience, the energy and communications sectors had the highest number of compromised systems, the banking and financial services and communications sectors had the highest incidence of DDoS activity, and the energy and mining/resources sectors had the highest number of malicious emails being received,” the report said.

Industrial control systems (ICS) support the automation and management of physical components used in production and distribution for critical infrastructure networks, and underpin the delivery of essential services to the Australian population.

The report said the prevalence of ICS technologies in critical infrastructure – and the evolution towards greater connectivity and dependence – presented an opportunity for sophisticated adversaries.

“For example, with adequate access, knowledge and capabilities, a sophisticated adversary could modify ICS systems to achieve a disruptive effect on critical infrastructure.

“These effects could include manipulating the production and supply of energy and power, the creation of outages, damage to industrial systems, and manipulation or theft of information utilised by infrastructure owners and operators.”

The report made note of the December 2015 Ukraine power outages, which highlight the vulnerabilities of critical infrastructure to sophisticated adversaries.

“In a well-planned and highly coordinated operation, an adversary successfully compromised and affected the systems supporting three power control centres, taking down 30 substations and leaving over 225,000 Ukrainians without power for several hours,” the report said.

“The adversary also delayed restoration efforts by disabling control systems, disrupting communications and preventing automated system recovery. These effects were the result of over six months of planning and involved a range of activities, including compromise through spear phishing, the theft of user credentials through key loggers, and data exfiltration.”

The report, which provides information about the trends in cyber security and offers solutions to protect against threats, said malicious cyber activity against the private sector risked “the profitability, competitiveness and reputation of Australian businesses”.

Australian networks which hold large amounts of personally identifiable information, such as electricity and energy companies, will continue be targeted by cyber adversaries.

Read the full report here.