Blurring tech boundaries a cyber risk, says CISC

By

Insiders also a worry.

The convergence of operational technology (OT) and IT is compounding the risks to critical infrastructure, the Cyber and Infrastructure Security Centre (CISC) has said in its first annual risk assessment.

Blurring tech boundaries a cyber risk, says CISC

The Critical Infrastructure Annual Review [pdf] added that these, together with IoT rollouts, creates a vector for lateral movement between systems, which “can create catastrophic cascading consequences”.

“Adoption of IoT in critical infrastructure also leads to a growing integration of third-party inputs for information, data sharing and data analytics," the report added.

Companies’ enthusiasm for digitisation also worries the CISC, which said that is ‘outpacing our cyber literacy and security practices”.

The organisation is also concerned that bad actors are hiding malicious code in critical infrastructure networks for later exploitation.

“Pre-positioned malicious code”, the report stated, is hard to mitigate “as the full extent of this threat remains elusive”.

The review cited an experience from North America, where possibly malicious code was found “hidden inside critical infrastructure networks” including power, communication and water supply.

“Removing any identified code may alert adversaries to what has been found, aiding future attempts," the report said.

The CISC is also concerned at the risks posed by people.

“Disgruntled employees” recruited by foreign intelligence services through dark web job ads are another risk, the review said.

The work-from-home revolution is also causing problems, because offsite connectivity “may reduce the detectability and overall difficulty for a trusted insider to remove local data or provide access to a third party.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

BoM's seven-year technology transformation cost $866m

BoM's seven-year technology transformation cost $866m

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

ANZ joins NAB and CBA on ConnectID

ANZ joins NAB and CBA on ConnectID

James Cook University accelerates digital roadmap and cyber uplift

James Cook University accelerates digital roadmap and cyber uplift

Log In

  |  Forgot your password?