Operators of water, energy, telco and transport grids are being warned about continued cyber attempts to compromise remote workers operating critical infrastructure.
The head of the Australian Cyber Security Centre, Abigail Bradshaw, warned that remote working from home was creating cyber exposures that could have serious impacts.
“Many critical infrastructure operators are making decisions on how to safely keep businesses running while allowing access to sensitive operational technology assets by staff working remotely – staff who would normally be located in control rooms or work sites protected by effective cyber and physical security barriers that restrict outside access.”
The ACSC specifically warned that working from home can create cyber security risks that malicious actors are actively working to exploit.
“We are continuing to see attempts to compromise Australia’s critical infrastructure,” Ms Bradshaw said.
“A cyber incident involving critical infrastructure can have serious impacts on the safety, and social and economic wellbeing of many Australians. If these systems are damaged or made unavailable for any length of time, it can cause significant disruption to our lives.”
The warning comes as logistics operator Toll has reported a second ransomware attack. The first attack caused major disruption to the company and its services. Steel fabricator BlueScope was also breached.
The ACSC advice recommended operators create secondary remote nodes from which to manage operational systems, rather than managing them from homes.
The formal advice to operators also recommends creating two communication “jumps” to reach the operations environment. This should be combined with unique accounts, pass phrases, and multi-factor authentication.
The advice also recommends operators keep a detailed logical diagram of the operations network.
“This allows clear understanding of all remote access pathways and easy removal of paths added to temporarily supplement access to the Operational Technology Environment (OTE) during business continuity.”
Operators should also develop “a rapid disconnection plan” for 24-hour deployment, enabling them to disconnect remote access if malicious activity is identified.
The advice said operators should minimise trust in end-points that connect to their remote access solution, such as home networks and devices.
“The more your solution trusts the endpoint, the more controls you will need to mitigate those risks. Ideally, you should supply and configure a work laptop and network connection (such as separate mobile wireless hotspots) to remote workers to connect to the OTE. This circumvents the need to use home computing and networks altogether.
“If your organisation does supply mobile communications, a mobile hotspot is preferable to a device that requires additional drivers, like USB dongles. Ensure all communications are encrypted and that Virtual Private Network split tunnelling is disabled.”
The advice warned that remote workers must avoid activities like web browsing on devices that access the OTE.
ACSC also suggested home workers use an isolated Virtual Local Area Network if the home network has such capability.
“For example, most home networks have a ‘guest wireless network’ which is often left unused. This Virtual Local Area Network can be used to segregate devices from the rest of the household’s internet traffic.”
Critical infrastructure operators are also advised to increase automated monitoring and auditing of account logins, login failures, deviations from baseline traffic and anomalous network access.
“Produce daily reports that identify abnormal logins (behaviour that is unusual – for example someone who is not on a nightshift logs in at midnight). Ensure you have the audit trail you need to support incident response and protective monitoring.”
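A sketch of the daily abnormal-login report described above, added here as an illustration and not taken from the ACSC advice. The log format, shift roster, account names and failure threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, time

# Constructed roster (assumption): account -> (shift start, shift end), local time.
ROSTER = {
    "op.day1": (time(6, 0), time(18, 0)),
    "op.night1": (time(18, 0), time(6, 0)),  # shift wraps past midnight
}
FAILURE_THRESHOLD = 3  # assumed daily limit before an account is reported

# Constructed one-day remote-access log: timestamp account result source
SAMPLE_LOG = """\
2020-05-11T00:07:31 op.day1 LOGIN_OK 10.8.0.21
2020-05-11T00:15:02 op.night1 LOGIN_OK 10.8.0.22
2020-05-11T07:58:40 op.day1 LOGIN_OK 10.8.0.21
2020-05-11T09:12:05 op.night1 LOGIN_FAIL 10.8.0.40
2020-05-11T09:12:19 op.night1 LOGIN_FAIL 10.8.0.40
2020-05-11T09:12:33 op.night1 LOGIN_FAIL 10.8.0.40
2020-05-11T13:44:10 vendor.tmp LOGIN_OK 10.8.0.77
not a log line
"""

def on_shift(at, start, end):
    """True if clock time `at` falls inside the shift, including overnight shifts."""
    if start <= end:
        return start <= at < end
    return at >= start or at < end

def daily_report(log_text, roster=ROSTER, threshold=FAILURE_THRESHOLD):
    """Return (timestamp-or-None, subject, reason) findings for one day's log."""
    findings, failures = [], Counter()
    for line in log_text.splitlines():
        parts = line.split()
        try:
            stamp = datetime.fromisoformat(parts[0])
            account, result = parts[1], parts[2]
        except (IndexError, ValueError):
            # Keep malformed lines visible so gaps in the audit trail are noticed.
            findings.append((None, line, "unparseable line"))
            continue
        if result == "LOGIN_FAIL":
            failures[account] += 1
        elif account not in roster:
            findings.append((stamp, account, "account not on roster"))
        elif not on_shift(stamp.time(), *roster[account]):
            findings.append((stamp, account, "login outside rostered shift"))
    for account, count in failures.items():
        if count >= threshold:
            findings.append((None, account, f"{count} failed logins"))
    return findings
```

Calling `daily_report(SAMPLE_LOG)` flags the day-shift account that logs in just after midnight but not the night-shift account that logs in at a similar hour.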
Tom Burton has held senior editorial and publishing roles with The Mandarin, The Sydney Morning Herald and as Canberra bureau chief for The Australian Financial Review. He has worked in government, specialising in the communications sector. He has won three Walkley awards. Connect with Tom on Twitter. Email Tom at firstname.lastname@example.org