Former ASIO boss warns on energy sector cyber

Joseph Brookes
Senior Reporter

Energy experts and a former ASIO chief have warned that Australia’s critical energy infrastructure was growing in complexity and vulnerability to cyber-attacks, but a commensurate uplift in resilience has not occurred.

Former ASIO director general and current chair of the Foreign Investment Review Board David Irvine said energy was one of many Australian sectors lacking sufficient cyber resilience, and that most local organisations are not “caring enough” about the new “tool of warfare”.

Progress is being made but not quickly enough, and Australia is vulnerable to sophisticated cyber attacks, Mr Irvine told an Australia Israel Chamber of Commerce Business lunch on Friday.

“Nation states are busily working on what we call hybrid warfare; the ability, without actually shooting people, to bring opposing states to their knees.”

Former ASIO director general and current chair of the Foreign Investment Review Board David Irvine

Russia has already deployed hybrid warfare against several countries in Europe, and the tactic now poses a serious threat to Australia, according to the former ASIO boss.

“This is now a threat that is on our horizon, and we really need to work hard because, as I keep saying, the wars of the 21st century are going to be fought in cyberspace before a kinetic shot is fired.”

Those same cyber warfare tools are also increasingly popular weapons for criminal attackers, Mr Irvine said, but Australian industry and governments have been slow to prepare for attacks and how they will respond.

“As a nation, we have to have responses,” he said.  “And we have been, as a nation, very slow to come to the understanding of those needs for responses.”

Mr Irvine said boards now understand the threat of cyber-attacks, much more than they did in 2009 when he worked as ASIO chief, but most are still “grappling” with how to handle an attack.

Governments, too, have improved their cyber posture but more needs to be done, according to Mr Irvine, who is also a non-executive director of the Cyber Security Cooperative Research Centre.

He said the Department of Home Affairs’ Critical Infrastructure Centre had asked the Foreign Investment Review Board to “do its bit” to improve national cyber resilience in the energy sector.

“[Australia is] getting there but we’re not caring enough yet [about resilience]. But the key point…is until we enhance our national security resilience in all segments of the energy sector, from supply through to end user, we’re going to be vulnerable to the sorts of attacks that we’ve seen.”

Chair of Australia’s Energy Security Board Dr Kerry Schott said the proliferation of internet connected devices used to manage energy and the increase in sensors required for renewable energy has created a huge new threat service.

“All of these things are new ways of people, who if they wanted to do dreadful things, can now get into the system, which were not there before,” Dr Schott said.

She said in Australia rooftop solar and the network connected inverters used with them are a particularly prominent threat, with panels now installed on around one if four Australian homes and inverters made by Huawai – the Chinese electronics firm barred from Australia’s 5G rollout on national security grounds – are the most popular ways of managing them. Although Dr Schott said the Chinese inverters do not pose a particularly “great risk”.

“We’re now in a world of many more sensors, many more gadgets…and many more ways for people to enter and use the systems,” she said.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories