Dragos recently published a threat perspective report focusing on the observed threats to electric organisations within Australia. The Australian Cyber Threat Perspective highlights the key elements driving the Australian industrial control systems (ICS) and operational technology (OT) threat landscape and the elevated levels of cyber risk. These factors include the constant evolution of ICS/OT targeting adversaries, increased ransomware activity, the prevalence of supply chain threats, and the existence of sub-optimal security controls.
One of the more concerning (albeit unsurprising) findings is that Australia, despite its geographical isolation, is by no means exempt from the increased adversarial targeting experienced by industrial organisations globally. A range of criminal and state-sponsored adversaries have targeted Australian electric organisations in recent years. Specifically, at least 6 of the 19 Dragos-designated threat groups have either directly targeted electric organisations within Australia or are assessed to have the capability to do so.
This increase in industrial targeting ultimately raises the overall risk of an intrusion-facilitated power disruption event. Such an event could occur at various points in the electric system’s operations, including control centres, dispatch centres, or the generation, transmission, or distribution environments themselves. In the future, such a disruption could be an intended objective of a cybercriminal operation, used to incentivise ransom payment. State-sponsored entities could also leverage the same disruption to support larger political goals. Irrespective of the underlying intent, as adversaries invest more resources into obtaining disruptive capabilities, the risk of a disruptive or destructive attack on the electric industry significantly increases.
The threat activity outlined in this report ultimately highlights the critical importance of Australian electric organisations adopting comprehensive security strategies with associated controls across both information technology (IT) and OT environments. As part of this, organisations should focus on essential defensive elements such as defensible architecture, monitoring and visibility, ICS incident response plans, remote access authentication, key vulnerability management, and comprehensive security policies.
While this blog provides a high-level overview of the report's findings, Dragos does not publicly describe ICS/OT threat group technical details, except in extraordinary circumstances, in order to limit tradecraft proliferation. Full details are available to network defenders through Dragos WorldView Threat Intelligence.