Getting your Trinity Audio player ready...
|
As sensitive information is increasingly stored and managed by external entities across sectors like healthcare, insurance, and government, the risks of cyberattacks grow, making robust cybersecurity measures essential to safeguard public data.
A cyberattack recently exposed the personal data of almost half of Australia’s population, with 6.5 terabytes of sensitive information stolen and sold on the dark web. This breach highlights the increasing threat of cyberattacks on sectors such as healthcare, insurance, and government and underscores the demand for stronger cybersecurity to safeguard critical infrastructure and citizen data is more urgent than ever.
Critical infrastructure, including energy, food, water, and transportation systems, is highly interconnected, meaning an attack on one area can cause widespread disruptions. A significant example occurred in July 2024, when a global cybersecurity incident disrupted airlines, banks, medical systems, and grocery checkouts. The incident highlighted the vulnerability of these essential systems and the pressing need for improved cybersecurity measures to safeguard them from future threats.
To address these risks, initiatives are being developed to improve the detection and management of software vulnerabilities, particularly those related to third-party software. One such initiative, spearheaded by CSIRO, aims to strengthen the security of software supply chains, which are critical to many industries.
Software supply chains often include a vast array of open-source software packages, created and maintained by external parties. While open-source software fosters innovation and collaboration, it also introduces risks, as many packages may contain undetected vulnerabilities. These vulnerabilities can compromise the security of entire systems, making it difficult for organisations to maintain consistent security standards.
The project working on this issue seeks to deliver three key outcomes to help organisations secure their software supply chains. The first goal is to provide critical infrastructure operators with detailed data and methods to assess whether specific open-source software vulnerabilities pose a threat to their systems. This analysis will be based on the unique context of each organisation’s operations and the software they use.
The second goal is to develop efficient and automated systems to manage and prioritise software vulnerabilities. By identifying vulnerabilities that have the most significant potential impact, organisations can focus their resources on addressing the most critical risks, reducing the likelihood of costly and disruptive cyberattacks.
The final goal is to establish a comprehensive framework for software security in critical infrastructure. This framework will offer clear guidelines for organisations to adopt, helping them implement consistent security practices and better manage software risks. By creating a standardised approach, the initiative aims to enhance the overall resilience of critical infrastructure.
To maximise the impact of this initiative, the project’s findings and resources will be made publicly available. This open-access approach is intended to support organisations across critical infrastructure sectors in improving their cybersecurity measures. By sharing knowledge and resources, the initiative hopes to close the gap between different industries’ security practices and create a unified approach to managing software vulnerabilities.
Cybersecurity experts involved in this project emphasise the importance of collaboration between the private sector, government, and research institutions. By working together, stakeholders can develop solutions that align with local regulations and address the unique challenges faced by Australian critical infrastructure. These efforts aim to build a more secure and resilient future for Australia’s essential services.
Through these initiatives, the Critical Infrastructure Protection and Resilience (CIPR) team seeks to develop a national strategy for safeguarding Australia’s critical infrastructure. The long-term goal is to address converging vulnerabilities in these essential systems by 2030. Recognising the inadequacies of current cybersecurity measures, the CIPR team is working with a range of stakeholders to leverage the latest scientific and technological advances to build a stronger, more secure infrastructure for the future.