The federal government has renewed its call for stronger co-operation between public sector authorities and private sector companies to improve Australia’s cyber security.
The call came from Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, who specifically zeroed in on Internet Service Providers (ISPs), saying they played a “key role” in shaping Australia’s cyber security landscape.
Mr Tehan made this call as he officially opened Telstra’s Security Operations Centre (SOC) in Sydney.
“The Australian Government’s national Cyber Security Strategy highlights the importance of working with the private sector to build cyber resilience to protect the Australian economy,” Mr Tehan said.
He said Australia’s ISPs play a vitally important role in protecting individuals and business, particularly small to medium enterprises, from cyber-attack.
“In July of this year, the Prime Minister and I met with Australia’s major telecommunications companies to discuss how government and service providers can work together to protect the community and strengthen networks to make them more robust against attacks,” Mr Tehan said.
He said the private sector drives innovation and product development, not government.
“Industry must be empowered to design and implement products the public want while government can provide expert support through its commitment to information sharing.”
This call from the federal government came soon after the Victorian government launched its own Cyber Security Strategy, which has been designed to protect the state’s valuable infrastructure, which is mostly run with computers.
It was a topic that was raised by Kaspersky Lab chairman Eugene Kaspersky at CeBIT Australia 2017, who said that in the so-called ‘Internet of Things’ where governments and companies are trying to protect their critical assets, “everything is vulnerable”.
In what he called ‘cyber sabotage attacks’ on power grids, he said if it don’t have electricity, that’s the “end of civilisation”.
“You can’t live without electricity. So when there’s a blackout, we still have some juice in the generator, but then the diesel is off. Then your iPhone battery is off but then it doesn’t matter because your mobile operator ran out of diesel hours ago, so it’s back to horses,” Mr Kaspersky said.
He also used the blackout on the North American east coast in 2003 as a cyberattack scenario, where it was revealed that it was a so-called ‘zombie’ attack where the grid was infected with a worm that makes the critical digital equipment appear to be functioning but actually isn’t.
But another more devastating scenario was an attack on the Ukraine power grid, where attackers switched off the power and wiped all the data on the computer systems.
“As a result it wasn’t possible to restart the system to get control back,” Mr Kaspersky said.
“So the power companies had to physically send engineers to start the manual control on the grid. They were lucky because they still had old equipment. I have heard that the new generation power grid equipment doesn’t have manual power override,” he said.