Building cyber resilience in critical infrastructure

As cyber threats become more sophisticated and increasingly target operators of critical infrastructure, industries and organisations must urgently assess and uplift their cyber resilience.

Australian organisations are no strangers to the consequences of a successful cyber attack. The system outages, financial loss, and reputational damage resulting from a ransomware infection or data breach are now part of the weekly news cycle. 

But what is becoming an increasing concern is the potentially catastrophic impacts of cyber attacks on critical infrastructure. After all, the consequences of such a breach go further than financial loss. They include the potential for prolonged outages of essential services and, subsequently, impacts on health, safety, and even national security.

We only have to look at recent global incidents to see why it is essential that industries and organisations urgently assess and uplift their cyber resilience.

Recent global incidents include:

After discovering a cyber intrusion within its IT systems, the operators of the Colonial Pipeline proactively took systems offline to contain the threat, grinding operations to a halt in the process. Because Colonial Pipeline is the largest refined oil pipeline system in the United States, the outage resulted in widespread shortages of gasoline, diesel, jet fuel, and heating oil along the southeastern US coast. Some analysts described the incident as “the most significant, successful attack on energy infrastructure we know of in the United States.” [3]

It’s suspected hackers gained access to a water treatment facility’s computer system near Tampa, Florida, USA, in February 2021. Once inside the system, attackers sought to introduce excessive levels of a dangerous chemical into the water supply. [4] While disaster was averted before the chemical could reach the water supply, the consequences could have been devastating for the town’s population of 15,000. It became the first documented attempt to hack into and contaminate a US community’s water supply.

In 2019, a major electricity supplier in South Africa’s largest city suffered a ransomware attack that affected a quarter of a million people with power outages. [5] City Power reported that the attack had “encrypted all our databases, applications and network”. While attacks like this are on the rise, this is not a new threat. As far back as 2007, the Stuxnet virus reportedly destroyed numerous centrifuges in Iran’s Natanz uranium enrichment facility, while in 2015 and 2016 Ukraine’s power grid was attacked and partly shut down [6] after a spearphishing campaign targeting IT staff.

As the lines between physical and digital disruption are blurred and attacks become more of an inevitability than a possibility, there is a growing need to shift from a preventative mindset to a more holistic, resiliency-based approach across people, process, and technology.

Where should we focus?

A holistic view of resilience requires a five-step approach:

  1. Proactive assurance activities and security testing
    Penetration testing - or hacking your own system - gives you the opportunity to find and fix weaknesses before cyber attackers do, in a safe and controlled manner and with the right specialists involved.

  2. Establish an “OT Cyber Champion” or expand the role of the CISO
    Having a defined cyber champion helps elevate cyber safety conversations across your engineering and operations workforce.

  3. Go beyond natural hazards
    Regularly practice cyber crisis response through exercises and drills. It is important that these are conducted with representation from all key business stakeholders, not just cyber security, as the dependencies and flow-on effects of cyber disruption are sometimes not understood until an incident occurs.

  4. Bolster business continuity plans
    Ensure business continuity plans cover scenarios for ransomware and system unavailability, including the links between mission-critical systems and corporate systems.

  5. Make measurement key
    In order to improve resilience and sustain it, businesses need to accurately report on the risk landscape, including how risks are changing based on the steps being taken.

How PwC can help strengthen your cyber resilience today

With experts in cybersecurity, industrial control systems, and business risk, PwC can bridge the gaps in organisation, overcoming the siloes that can impede the building of resilience. 

If you or your organisation are looking to strengthen your cyber resilience, get in touch with us today.

Contact us

Robert Di Pietro

Partner, Lead of Cyber Security, PwC Australia

Tel: +61 418 533 346

Mike Younger

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 490 093 981
