Control systems in the firing line.
Operators of Australia’s mission-critical electricity, water and telco infrastructure have been urged to double-check security controls for staff accessing control systems remotely during COVID-19.
The Australian Cyber Security Centre issued the advice to critical infrastructure providers on Friday amid a jump in cyber activity in recent weeks that has hit corporates and government entities alike.
“We are continuing to see attempts to compromise Australia’s critical infrastructure,” recently appointed ACSC head Abigail Bradshaw said.
“It is reprehensible that cyber criminals would seek to disrupt or conduct ransomware attacks against our essential services during a major health crisis.”
The advice is aimed at helping providers maintain a strong cyber security posture while staff access operational technology environments (OTE) or industrial control systems from home.
Staff members would normally be accessing these sensitive assets from “control rooms or worksites protected by effective cyber and physical security barriers that restrict outside access”.
The ACSC recommends providers configure a minimum of two ‘jumps’, combined with unique accounts, passphrases, and multi-factor authentication for each jump, to gain remote access.
“Preferably, the first jump should be from a device supplied and controlled by your organisation, with a Virtual Private Network connection,” it said.
“The jump should go to a jump host in a demilitarised zone outside the OTE. The second jump then moves to the second jump host within the OTE.”
Other advice contained in the laundry list of guidance includes increasing automated monitoring and auditing of account logins and anomalous network access.
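An added example, not part of the ACSC advice or the original article: a Python sketch of the automated login auditing described above, checking login events against the two-jump model (MFA at every jump, the OTE reachable only from the DMZ jump host, a different account for each jump). The log format, host names, zone labels and account names are constructed assumptions.

```python
import re

# Constructed sample login events (not real logs). Assumed line format:
# <timestamp> host=<name> zone=<dmz|ote> user=<account> src_zone=<vpn|dmz|...> mfa=<yes|no>
SAMPLE_LOG = """\
2020-05-22T09:00:01 host=dmz-jump1 zone=dmz user=alice-dmz src_zone=vpn mfa=yes
2020-05-22T09:00:40 host=ote-jump1 zone=ote user=alice-ote src_zone=dmz mfa=yes
2020-05-22T09:05:12 host=dmz-jump1 zone=dmz user=bob src_zone=vpn mfa=yes
2020-05-22T09:05:55 host=ote-jump1 zone=ote user=bob src_zone=dmz mfa=yes
2020-05-22T09:10:03 host=ote-jump1 zone=ote user=carol-ote src_zone=vpn mfa=yes
2020-05-22T09:12:30 host=dmz-jump1 zone=dmz user=dave-dmz src_zone=vpn mfa=no
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(log):
    """Yield one dict per non-empty log line: the timestamp plus its key=value fields."""
    for line in log.splitlines():
        if line.strip():
            ts, _, rest = line.partition(" ")
            yield {"ts": ts, **dict(FIELD.findall(rest))}

def audit(log):
    """Return sorted (timestamp, user, finding) tuples for logins that break the two-jump model."""
    events = list(parse(log))
    # Accounts seen on the first (DMZ) jump; none of them should reappear inside the OTE.
    dmz_accounts = {e["user"] for e in events if e["zone"] == "dmz"}
    findings = []
    for e in events:
        if e["mfa"] != "yes":
            findings.append((e["ts"], e["user"], "jump without MFA"))
        if e["zone"] == "ote":
            if e["src_zone"] != "dmz":
                findings.append((e["ts"], e["user"], "OTE login bypassed DMZ jump host"))
            if e["user"] in dmz_accounts:
                findings.append((e["ts"], e["user"], "account reused across jumps"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```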
The ACSC has also asked providers to reassess the need for staff to work at home and consider a secondary operations control room that offers better security controls than home or remote access.
“An increase in remote working significantly increases opportunities for adversaries to gain unauthorised access to systems and may cause real world physical harm,” the advice states.
“Critical infrastructure providers need to balance the risks and opportunities of moving staff offsite and document those considerations for senior managers to make informed risk-based decisions on sustaining business continuity.”
Power and water distribution networks, as well as transport and communications grids, are regarded by the ACSC as particularly valuable targets for malicious adversaries.
“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians,” Bradshaw said.
“If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”
But the increase in cyber security incidents during the coronavirus pandemic is not limited to critical infrastructure.
The ACSC is also aware of Advanced Persistent Threat actors targeting the country’s health sector and other COVID-19 essential services during the pandemic.
The government is increasingly concerned about the level of malicious cyber activity and has raised the issue with the United Nations.
“The Australian Government calls on all countries to cease immediately any cyber activity – or support for such activity – inconsistent with these commitments,” cyber affairs ambassador Tobias Feakin said on Wednesday.
“We also urge all countries to exercise increased vigilance and take all reasonable measures to ensure malicious cyber activity is not emanating from their territory.”
Courtesy of IT News (www.itnews.com.au). Written by Justin Hendry, 22 May 2020, 4.35pm