Senior official warns of risk of major cyber-attack on Australia’s critical infrastructure

“Of all the things that keep me awake at night … that is the most pressing, immediate concern,” the senior official told a Senate hearing.

Pezzullo was speaking against the the large number of high-profile cyber-attacks in the country. Victims this year include Western Australia’s parliament and broadcaster Channel Nine, while an attack on the national parliament left the building’s occupants without access to email last weekend.

In response to the increased number of cyber-attacks, central government has proposed laws to better protect assets in critical sectors such as water, health, energy and transport. The legislation would impose greater cyber security obligations on operators responsible for infrastructure in those sectors.

Without the additional measures, which are being considered by parliament’s joint committee on intelligence and security, Pezzullo said Australia faced a perilous road. 

“We’ve laid information before the parliamentary committee that potentially state actors could take advantage of these vulnerabilities,” he was quoted as saying by broadcaster ABC.

Pezzullo also referred to the greater interconnectedness of software and machinery used by operators which could expose businesses to sabotage and ransomware. 

“We’re seeing this with hospital systems. We’re seeing it with vaccine data. We’re seeing it with healthcare providers …

“Cyber criminals tend to be very business savvy so they will chase opportunity and typically the more critical a system, the more critical a data set, the more the criminal opportunity there might be,” he warned.

“It makes good business sense to have common platforms and connected systems so your plant operators can remotely dial in to see how machinery is performing, but it increases what cyber security experts call the attack surface.

“That’s before you get to state actors, and also there is a combination effect of state actors operating with criminal actors effectively acting as proxies,” he added. 

Pezzullo’s comments come after Prime Minister Scott Morrison urged Australian organisations, including governmental, to protect themselves as many were currently being targeted by a sophisticated foreign state-based hacker.

Central government agencies believed China was the nation behind the ongoing cyber-attacks on institutions including hospitals and state-owned utilities.