Brisbane   Melbourne   Hobart   Launceston   Devonport

Critical Infrastructure Cyber Security

"Experts are the ones who think they know everything. Geniuses are the ones who know they don't" - Simon Sinek

Cyber-attacks are continually rising each year with the number of threat actors increasing and their capabilities expanding. The FY2022/23 Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report noted:

  • Nearly 94,000 cybercrime reported - up 23%
    • On average, a report every 6 minutes
  • The Australian Cyber Security Hotline answered over 33,000 calls - up 32%
    • On average, 90 calls a day - an increase from 69 calls per day

The top 3 cyber incidents reported by critical infrastructure were:

  1. compromised accounts or credentials;
  2. compromised assets, networks and infrastructure
  3. denial-of-service attacks

 As a result of cyber security threats and incidents, and recommendations from independent review, the Department of Home Affairs is promoting an uplift of cybersecurity across critical infrastructure.

Photo by Rhett Lewis

Cyber security can range anywhere from simple password management through to comprehensive cybersecurity solutions to assess, build and manage cybersecurity and incident responses to a myriad of potential threats

OT networks and ICS systems typically use legacy infrastructure, operating systems and out of date patches. The most critical systems are frequently the most vulnerable.

Cromarty Automation has many years of experience in assisting organisations implementing, securing and analysing their OT networks and systems. This includes:

  • Developing policies, incident response plans, and procedures
  • Reviewing existing infrastructure and systems, auditing the current cyber security posture
  • Assisting in performing the Cyber Security Risk Assessment
  • Implementing systems, controls, and mitigation strategies to support cyber security and disaster recovery efforts

 

The services we can offer are:

  • Communication network analysis - Investigate problems with communication to controllers, inverters or other equipment.
  • Determine whether network communication between devices is responsive and error free.
  • Review configuration of network devices such as switches, routers and firewalls.
  • Cyber Security Framework Assessment - Recent legislative changes shall require critical assets to comply with a cyber security framework such as Australian Energy Sector Cyber Security Framework (AESCSF), ACSC Essential Eight or NIST. We can assist you assess the compliance of your assets and provide recommendations and actions to take to uplift your cyber security footprint.
  • Cyber Security Audit - Audit the systems, architecture, policies, practices and procedures implemented at your assets. Discover whether the actual implementation on site follows required policy direction.
  • Cyber Security Policies & Framework - Guide you on implementing your own cyber security policy and associated framework.
  • Secure Remote Access Solutions Design, Procurement, implementation and commissioning
  • Design and implementation of OT networking equipment, OT Servers, clients and workstations, SCADA, MES, Historians, etc.
Photo by Catherine