ASIO director general Mike Burgess has drawn on last November’s Optus outage to illustrate the fragility of Australia’s critical infrastructure networks to attacks by foreign “crack cyber teams”.
Delivering his annual threat assessment yesterday, Burgess didn’t name Optus, and emphasised that the outage wasn’t due to a cyber attack, but he said: “Services that people take for granted proved uncomfortably fragile.”
“Imagine the implications if a nation state took down all the networks? Or turned off the power during a heatwave?
“I assure you, these are not hypotheticals – foreign governments have crack cyber teams investigating these possibilities right now, although they are only likely to materialise during a conflict or near conflict.”
He said nation-state cohorts are “talking about sabotage, researching sabotage, sometimes conducting reconnaissance for sabotage – but, I stress, not planning to conduct sabotage at this time.”
A cyber attack, he said, is the “most immediate, low cost and potentially high-impact vector for sabotage … Our critical infrastructure networks are interconnected and interdependent, which increases the vulnerabilities and potential access points.”
Echoing recent reports of Chinese infiltration of US networks, Burgess said “one nation-state” is “conducting multiple attempts to scan critical infrastructure in Australia and other countries, targeting water, transport and energy networks.”
He said the government in question is “trying to gain persistent undetected access that could allow it to conduct sabotage in the future.”
The risk, he said, is “only likely to materialise during a conflict or near conflict.”
IT News By Richard Chirgwin
Feb 29 2024 8:33AM