Council cyber threat fears
AUSTRALIANS could face “potentially catastrophic” disruptions to water supplies, electricity, sewage and rubbish services in the newest emerging threat from foreign spies and cyber criminals, according to a new security report.
Local councils are the latest high-value targets for online attacks in Australia, according to the white paper from independent security firm CyberCX, with all local governments facing the “high likelihood” of a data breach and many at risk of suffering serious disruptions.
The warning follows confirmation Chinese and Iranian hackers had been exploiting a new widespread computer flaw to steal information, and after Bloomberg claimed to have unearthed evidence Huawei siphoned information from an Australian phone network before its 5G ban.
CyberCX cyber intelligence director Katherine Mansted said the “threat landscape” in Australia continued to worsen, and evidence from overseas pointed to local government organisations being the next top target for criminals and state-sponsored hackers.
Three notable attacks against Australian local councils were reported in 2021, according to the CyberCX report, which also warned “foreign governments (were now) actively targeting local government organisations in Australia for intelligence collection and political interference” and considered the organisations as “weak links” in Australia’s national security.
“It’s only luck that an Australian local government hasn’t experienced a serious interruption to its services or a destructive attack against local infrastructure,” Ms Mansted said.
“We need to be prepared. It’s such a high-magnitude risk that it would be irresponsible not to be prepared for it.”
She said nation states increasingly viewed local councils as the easiest way to infiltrate bigger government bodies and steal data, while cyber criminals looking to extract ransoms could pose a bigger threat to services as they were willing to “pursue maximum damage strategies and will deliberately try to disrupt for a payday”.
“The traditional things that local governments do – roads, rates and rubbish – are essential services … if they were to be disrupted that would be problematic,” Ms Mansted said.
She said more resources were needed to shore up their security, as well as additional training to prevent employees falling victim to simple phishing and business email compromise attempts.
The Australian Cyber Security Centre’s annual report found attacks on local, state and territory governments jumped more than 15 per cent during the 2020-2021 financial year, making the sector the fifth most likely to be targeted.