{"id":262405,"date":"2021-05-29T19:45:48","date_gmt":"2021-05-29T16:45:48","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory\/"},"modified":"2021-05-29T19:45:48","modified_gmt":"2021-05-29T16:45:48","slug":"its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory\/","title":{"rendered":"#It\u2019s time to make stringent cybersecurity for infrastructure companies mandatory"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2eba7c66e7c\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2eba7c66e7c\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory\/#Collateral_damage\" >Collateral damage<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory\/#Critical_infrastructure_is_an_attractive_target\" >Critical infrastructure is an attractive target<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory\/#Time_for_compliance\" >Time for compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/its-time-to-make-stringent-cybersecurity-for-infrastructure-companies-mandatory\/#Lessons_from_the_United_States\" >Lessons from the United States<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong>#It\u2019s time to make stringent cybersecurity for infrastructure companies mandatory<\/strong>&#8221;<\/p>\n<div>On May 7, a pipeline system carrying almost half the fuel used on the east coast of the United States was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.politico.com\/news\/2021\/05\/08\/colonial-pipeline-cyber-attack-485984\">crippled by a major cyber attack<\/a>. The five-day shutdown of the Colonial Pipeline resulted in widespread fuel shortages and panic-buying as Virginia, North Carolina and Florida declared a state of emergency.<\/p>\n<p>The attack highlights how vulnerable critical infrastructure such as fuel pipelines are in an era of growing cyber security threats. In Australia, we believe the time has come to make it compulsory for critical infrastructure companies to implement serious cybersecurity measures.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Collateral_damage\"><\/span>Collateral damage<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The risk of cyber attacks on critical infrastructure is not new. In the wake of the events of September 11, 2001, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/doi.org\/10.1016\/j.intman.2005.09.008\">research<\/a> demonstrated the need to address global security risks as we analysed issues of vulnerability and critical infrastructure protection. We also proposed systems to ensure security in critical supply chain infrastructure such as seaports and practices including container shipping management.<\/p>\n<p>The rise of \u201cransomware\u201d attacks, in which attackers seize important data from an organization\u2019s systems and demand a ransom for its return, has heightened the risk. These attacks may have unintended consequences.<\/p>\n<p>Evidence suggests the Colonial shutdown was the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bnnbloomberg.ca\/colonial-pipeline-paid-hackers-nearly-us-5m-in-ransom-1.1603285\">result<\/a> of such an attack, targeting its data. It <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears the company <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/colonial-pipeline-ransomware-attack-everything-you-need-to-know\/\">shut down<\/a> the pipeline network and some other operations to prevent the malicious software from spreading. This resulted in a cascade of unintended society-wide effects and collateral damage.<\/p>\n<p>Indeed, the attackers may have been surprised by the extent of the damage they caused, and now appear to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/darkside-ransomware-shutdown-exit-scam-or-running-hills\">have shut down their own operations<\/a>.<\/p>\n<p>We have seen how critical supply chain infrastructure can be severely disrupted as collateral damage. We must consider how severe the fallout might be from a direct attack.<\/p>\n<p>The events in the US also raise another important question: how vulnerable is our critical supply chain infrastructure in Australia?<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Critical_infrastructure_is_an_attractive_target\"><\/span>Critical infrastructure is an attractive target<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Australian society is dependent on many international and domestic supply chains. These are underpinned by critical supply chain infrastructure that is often managed by advanced and interlinked information and communication systems. This makes them attractive targets for cyber attackers.<\/p>\n<p>Cyber risk frameworks are often derived from traditional risk management approaches, addressing issues of a potential cyber attack <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0166497214000194\">as<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/guidance\/applying-risk-based-approach-cyber-security\">routine<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2405896315005947\">conventional<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0166497214000194#bib35\">risk<\/a>. These risk management approaches weigh up the costs of preventing a cyber attack against the costs and probability of a breach.<\/p>\n<p>In some industries, this assessment will factor in the cost of a lost customer base who may never return. However, providers of critical services such as transportation, medical care, electricity, water, and food see little risk of losing customers.<\/p>\n<p>After the Colonial incident, customers trooped back to petrol stations as soon as they could and went on buying fuel. Thus, critical industries may perceive less cost from a breach than companies in other industries because their customers will return.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Time_for_compliance\"><\/span>Time for compliance<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Australia\u2019s national efforts in cyber security are coordinated by the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cyber.gov.au\">Australian Cyber Security Centre<\/a> (ACSC) under the auspices of the Australian Signals Directorate. The ACSC works with public and private sector organisations to share information about threats and guidance on best practices for security.<\/p>\n<p>ACSC documents such as the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/essential-eight\">Essential Eight<\/a> provide guidance for organisations on baseline security measures. These are supplemented by more comprehensive resources including the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/ism\">Australian Government Information Security Manual<\/a>.<\/p>\n<p>However, our research has shown the best practices are not universally followed, even by the Australian government\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/nikthompson.com\/PDF\/Thompson-Bunn-2020.pdf\">own websites<\/a>.<\/p>\n<p>Lack of knowledge is not the problem. Security best practices are <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly well understood and documented by the ACSC. The ACSC also provides specific guidance for critical sectors and industries, such as a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/aemo.com.au\/en\/initiatives\/major-programs\/cyber-security\/aescsf-framework-and-resource\">security framework developed for the energy sector<\/a>.<\/p>\n<p>The challenge here is that these are guidelines only. Companies can choose whether to follow them or not.<\/p>\n<p>What Australia needs is a cyber security compliance program. This would mean making it compulsory for companies that manage critical infrastructure such as ports or pipelines to follow some kind of rules.<\/p>\n<p>A first step might be to demand these companies comply with the existing guidelines, and require certification of a baseline of cyber security.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Lessons_from_the_United_States\"><\/span>Lessons from the United States<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The US government responded to the Colonial cyber attack with an <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2021\/05\/12\/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks\/\">executive order<\/a> to improve cyber security and federal government networks. The order proposes a raft of measures to modernize standards and improve information sharing and reporting requirements. These are valuable measures, many of which are already within the scope of the existing duties of Australia\u2019s ACSC.<\/p>\n<p>Another measure in the US order is the establishment of an independent Cyber Safety Review Board. Australia could likewise establish a partnership between government and industry to oversee cyber security. A similar body already regulates aviation: the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.casa.gov.au\/about-us\">Civil Aviation Safety Authority<\/a>.<\/p>\n<p>Such an organisation would provide robust analysis and reporting of cyber incidents. It would also share information with information <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> managers, software and hardware developers, public administrators, crisis managers, and others.<\/p>\n<p>Cyber security threats create high levels of uncertainty for the public and private sector. Attacks that disrupt critical supply chain infrastructure have widespread impacts on society and trade.<\/p>\n<p>A cyber security compliance program may be financially costly, but would be a worthwhile investment given the societal impact of a successful cyber attack.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img loading=\"lazy\" decoding=\"async\" style=\"border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;\" alt=\"The Conversation\" width=\"1\" height=\"1\" class=\"js-lazy\" src=\"https:\/\/counter.theconversation.com\/content\/160991\/count.gif?distributor=republish-lightbox-basic\"\/><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https:\/\/theconversation.com\/republishing-guidelines --><\/p>\n<p><noscript><img loading=\"lazy\" decoding=\"async\" style=\"border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;\" src=\"https:\/\/counter.theconversation.com\/content\/160991\/count.gif?distributor=republish-lightbox-basic\" alt=\"The Conversation\" width=\"1\" height=\"1\" class=\"\" srcset=\"\"\/><\/noscript><\/p>\n<p><em>This article by\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/richard-oloruntoba-1219142\">Richard Oloruntoba<\/a>, Associate Professor of Supply Chain Management &amp; Supply Chain Management Lead, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/curtin-university-873\">Curtin University<\/a> and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/nik-thompson-117207\">Nik Thompson<\/a>, Associate Professor of Information Systems, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/curtin-university-873\">Curtin University<\/a>,\u00a0is republished from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. Read the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/cyber-attacks-can-shut-down-critical-infrastructure-its-time-to-make-cyber-security-compulsory-160991\">original article<\/a>.<\/em><\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/make-stringent-cybersecurity-for-infrastructure-companies-mandatory-synidcation\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#It\u2019s time to make stringent cybersecurity for infrastructure companies mandatory&#8221; On May 7, a pipeline system carrying almost half the fuel used on the east coast of the United States was crippled by a major cyber attack. The five-day shutdown of the Colonial Pipeline resulted in widespread fuel shortages and panic-buying as Virginia, North Carolina&#8230;<\/p>\n","protected":false},"author":1,"featured_media":262406,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/05\/Cyber-security-hed-shutterstock_1253457802-copy.jpg&signature=bcc61fbf660f4fd54faaf2a25ce29585","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-262405","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/262405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=262405"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/262405\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/262406"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=262405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=262405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=262405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}