• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.


Why a single cyberattack could mean lights out for the energy sector


We’ve talked before about the inherent vulnerability of the key parts of our infrastructure as Australia continues to digitise. The highly interconnected nature of modern industrial infrastructure, combined with the mixed use of legacy and modern technology in these networks, poses clear cybersecurity risks.

And the threats are only growing bigger. Cyberattackers are using more sophisticated tools and tactics every day, and the energy sector is an especially attractive target, given its critical role in modern infrastructure.

Awareness is growing, but change is slow
The cyberattacks on Ukrainian power stations in 2015 and 2016 affected more than 200,000 customers and showed just how much damage hackers can cause. 

In 2016, Australia’s Chief Scientist Alan Finkel released a review into the future security of the national electricity market and recommended that stronger security measures be put in place. While there has been some progress on that front, we still have a long way to go to make our energy infrastructure cyber resilient.


The threats looming over our critical infrastructure are continuing to grow, and so is awareness of them, but many players in the Australian energy sector still see cybersecurity as a sunk investment that is prohibitively expensive. Even if a top-to-bottom cybersecurity overhaul isn’t practical, there are still several cost-effective ways of improving security, including email security and threat monitoring.

 

While individual energy organisations are putting some cybersecurity measures in place, there needs to be a baseline cybersecurity requirement to ensure the network stays secure. Government intervention will most likely be needed for this to happen, but as it stands, individual energy companies need to evaluate their security priorities and implement them on their own. Luckily, a cybersecurity upgrade doesn’t need to be a massive investment.
 

What energy companies can do to bolster their cybersecurity

In an ideal world, every energy organisation would have the budgets and capability to fully overhaul their cybersecurity measures from the ground up. But we don’t need to aim for ‘perfect’ here. A few basic measures can reap big dividends and dramatically reduce the risk of becoming a target of an attack.
 

1. Keep software patched and updated
Even the most modern and hi-tech organisations stuff this one up. Many attacks exploit vulnerabilities in outdated software, so make sure your organisation uses up-to-date software, and regularly check for and install any updates and patches. Don’t forget to retire software that’s reached the end of its service life. 


2. Check permissions and application controls
You wouldn’t let just anyone log on to your critical systems, would you? Make sure you have the right permissions and logins set up on your key systems and devices. Organisations can greatly improve the cyber resilience of their operating environment by moving from the old-school antivirus approach (which looks for already-known threats) to an application control approach, which only allows authenticated users to access sensitive data and denies access to anyone else.
 

3. Train your people
Human error is still the biggest cause of cyber breaches. Make sure your people practise responsible cyber-behaviour and have a good understanding of what they should and shouldn’t be doing when it comes to security. Cyber resilience is a team sport, and it’s important for everyone in the organisation to play their part. Luckily, awareness training has come a long way and is no longer like the long-winded, stuffy lectures you’re thinking about. In fact, it can be a lot of fun.


Conclusion
To ensure the uninterrupted supply of power to all Australians, it is more important than ever that Australia’s energy operators stay resilient against current and future cyber risks. Any initiatives that reduce cyber risk, even modest ones, can be the deciding factor between a temporary setback and catastrophic failure for our energy network. 

Technical Consultant, Mimecast
