Industry, government cooperation vital to critical infrastructure protection: Analysts

Survey finds industry willing, but Attorney-General's department unlikely to budge

More cooperation is needed between government and industry on critical infrastructure protection (CPI), according to analysts.

“I don’t think government and industry have learnt to share information," Gartner research director, Rob McMillian, told Computerworld Australia. "Ninety per cent of critical infrastructure is held in commercial hands. That means it is up to industry to decide how to protect that infrastructure. It’s your own commercial requirements that lead you to protect your kit.”

He said if government wants to work with industry, there needs to be a joint understanding of the economics behind this in terms of risk.

A recent Symantec survey found 93 per cent of Australian industry respondents were engaged with CPI programmes and were willing to work with government on them.

“Industry will be looking for some guarantees about information sharing and where that information goes to," McMillian said. "We’ve got some scope there but we still have to figure out a way forward.”

McMillian also said he was surprised to see comments from the Attorney-General department assistant secretary, Mike Rothery, in the Sydney Morning Herald that businesses would have to defend themselves if a cyber attack hit Australia.

Rothery was quoted as saying the government struggles to defend its own systems, despite the opening of a Cyber Security Operations Centre in Canberra. The government has also created a Computer Emergency Response Team (CERT) to help with cyber attacks.

“If it’s in private hands, than the ball is in the government's court to outline what they can bring to the table. CERT Australia will need to make sure it offers a value proposition when an incident takes place.”

The Symantec survey, which drew responses from industries such as finance and IT, also revealed that 79 per cent of local respondents said they had started engaging on CPI less than a year ago.

A recent report from the Victorian auditor-general also found the Supervisory Control and Data Acquisition (SCADA) systems at key Victorian infrastructure remained vulnerable to attack and subversion.

Asia Pacific vice president and managing director Craig Scroggie said this is because there have been more reports of cyber terrorism.

“We’ve observed the Stuxnet worm attack on an Iranian nuclear power plant in September," he said. "The potential for significant and large scale harm by taking control of a power plant is quite scary.”

McMillian said although these types of attacks are not new, they are likely to increase in the future.

"That's why critical industries such as water and power companies need to start CPI programmes."

Join the CSO newsletter!

Error: Please check your email address.

Tags supervisory control and data acquisition (SCADA)critical infrastructure protection (CPI)

More about Attorney-GeneralCERT AustraliaComputer Emergency Response TeamCPI HoldingsGartnerSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts