Building cyber resilience in Australia’s critical services

The rise in geopolitical tensions and an increase in supply chain attacks are some of the challenges in safeguarding Australia's critical assets, CEO of .au Domain Administration Rosemary Sinclair AM and Information Security and Cyber Resilience at Endeavour Energy, Gijo Varghese told a CEDA livestream last week.

The war in Ukraine is possibly the first recorded invasion where cyberwarfare preceded military operations, and is a sign that cyberwarfare is here to stay, Gijo Varghese told a CEDA livestream last week.

“If you look at the geopolitical event in Europe and when Russia invaded Ukraine, we could see the cyberattacks started much before the invasion itself,” Varghese said.

“Russia essentially targeted electricity networks, telecommunication networks and hospitals.

“Gone are those days when cybersecurity was just an IT problem of an organisation. It's now become a business risk and has potential impacts on the Australian economy, so resiliency is becoming necessary.”

The rise in geopolitical tensions has also coincided with an increase in cyber threats.

“When we had the Russian invasion of Ukraine, we saw a flurry of activity on the internet, specifically a lot of reconnaissance on our border systems,” Varghese noted.

“Cybersecurity incidences that specifically cross borders cannot be controlled by one country. There needs to be a larger collaboration between the Australian Cyber Security Centre (ACSC) and other peak cyber security government organisations like the National Cyber Security Centre (NCSC) in the UK, the Cybersecurity and Infrastructure Security Agency (CISA) in the USA and the Computer Emergency Response Team (CERT) in New Zealand.”

Rosemary Sinclair AM, CEO of .au Domain Administration, also praised the ‘multistakeholder model of internet governance’ and warned against a splintering of the internet.

“An open, interoperable global internet is better for users than to start chopping the internet into little closed ‘splinternets,’ if you like,” she said.

“If you go to the ICANN website, there's the transparent discussion in response to a question from representatives of the Ukrainian government about whether Russia should be part of the global internet. The request is transparent, the response is transparent, and it's the best and most significant demonstration of the value of the multistakeholder model.”

The other challenge to businesses has been the increase in supply chain attacks. Varghese quoted the 2021 CrowdStrike Global Security Survey, where 45 per cent of respondents’ organisations experienced at least one software supply chain attack in the last 12 months, compared to 32 per cent in 2018.

“This is because enterprise is now hardening their technology environment and malicious attackers have turned on to softer targets like trusted third-party vendors who offer technology services and software,” he said.

The increase in online small businesses, accelerated by the pandemic, has exposed more consumers to the risk of a cyber-attack. Sinclair said they had seen an extra 200,000 small businesses register for a website through the Domain Name System.

“The Australian economy is heavily dependent on small businesses and the vast majority of Australians are employed by small businesses, so the digital capability of those businesses is critical to the success of our whole economy,” she said.

In its annual survey, .auDA found only 25 per cent of Australian small businesses have cyber security practices in place.

“There's a lot of work for all of us to do in terms of uplift of cybersecurity capability and resilience. If we can start communicating about the solutions and providing the tools, then we can bring people on the journey,” she said.

This event was part of CEDA’s State of the Nation series in the lead-up to our annual State of the Nation event on 8 September.