Chinese government hackers could turn off lights across Australia at any time if they decide to launch a massive cyber war, experts have warned.
Power plants, hospitals, banks and logistics companies – among many others – could be vulnerable to an all-out attack that would bring the country to a halt.
The country is said to be living on a razor’s edge after years of underinvesting in defenses against hacking, leaving government and private companies nearly defenseless.
The warning comes after Queensland’s utility CS Energy was the target of a ransomware attack that nearly cut power to three million homes.
Chinese hackers launched a sustained hack on CS Energy’s two coal-fired power plants in Queensland on November 27, denying workers access to critical data and emails.
The attack came minutes after bypassing CS Energy’s internal systems to gain access to the generators that circulate 3,500 MW of electricity through the grid.
If successful, it would have cut electricity to between 1.4 and 3 million homes indefinitely.
A last-ditch plan to separate control operations from the mainline saved the plant – but experts warn Australia may not be so lucky next time around.
“The Chinese hackers are very well organized, they are technically proficient and they are state sponsored,” said Nigel Phair, director of the UNSW Institute for Cyber Security.
“They see cyber attacks as just another part of their ongoing strive for greatness. Their capacity is extremely good,” he said.
“There is a huge danger that they could shut down Australia. You would be naive to think otherwise.”
The Australian government has now started to introduce new laws that will give them unprecedented powers in the face of a cyber attack.
The Security Law Amendment (Critical Infrastructure Bill) 2020 would allow the government to take control of private companies if their critical infrastructure becomes the target of a cyber attack.
Directors of affected companies will also be held personally liable for cybersecurity breaches under the new laws.
Prime Minister Scott Morrison insisted on Wednesday: “We are pioneers in cybersecurity – that doesn’t mean the threats aren’t great.
“They are, they are important. And that’s why we’re so focused. This is just another area where we are working to keep Australians safe.”
Mr Phair insists the radical new powers are a vital wake-up call for private companies that have not invested in protection against hacking.
“Most of the operators who own critical infrastructure are in the private sector and they don’t see the return on investment of tightening cybersecurity controls on their networks because they only see it as a cost,” he said.
“That is why the government is now saying, ‘We are going to intervene’. It’s quite interesting and quite controversial.
“It’s a three step process where it starts with, ‘We’ll hold your hand and give you help with what’s going on’ until they call for the power of progression.
“If you are the owner and operator of a gas, telecommunications, electricity or any other piece of critical infrastructure and you get hit, they will step in and take over the incident response.
“It’s controversy. That’s quite a step – getting civil servants into a private organization and taking over the computer network is a pretty daring thing to consider.”
Senator James Paterson has warned that urgent reforms are needed to bolster Australia’s cyber defense capabilities as countries like China and Russia become increasingly hostile
WHAT AUSTRALIAN COMPANIES SHOULD DO TO PROTECT FROM CYBER ATTACKS
As more critical infrastructure moves into private hands, Nigel Phair fears that investing in cyberattack protection will be overlooked as an unnecessary expense.
The top three things Australian businesses need to do now are:
- Encrypt all data and transfer encrypted data
- Strict controls over who can access data and log all access
- Securely delete all data as soon as possible
It is also essential to train staff in phishing attacks and social engineering.
Partitioning of networks and complete disconnection, where possible, of critical information and access to infrastructure from the Internet will be crucial.
Hackers will use all forms of hacking to gain access to networks, from studying published operating technology for weaknesses to security intelligence obtained through espionage.
Social engineering – where hackers pose as coworkers or contractors to gain the trust of workers and gain access to information, passwords, and credentials – is a widely used tactic.
Employees can also fall victim to phishing attacks when they click on fake links that can reveal crucial passwords, logins and network information.
Critical infrastructure companies – including utilities, financial and medical organizations – are seen to be most at risk, but Phair says all companies need to tighten up their security.
Channel Nine was shut out of its broadcast equipment in a sophisticated attack on its network in March, which cut broadcasts as pundits fought to regain control.
“These are advanced attacks,” Phair said. “The technical and general sophistication of many of these elements is difficult for organizations. It takes brain power and action.
“The problem is that Australian companies are not acting deep enough or fast enough. There is a degree of ‘I am not a bank, no one will hack me.’
“It’s always someone else, it’s always another private hospital, another electricity company. We must get out of this complacency.”
Following the attack on Nine, Treasurer Josh Frydenberg said the government is investing in corporate defenses against cyber attacks.
“This threat is not going to go away,” he said. “We work with the business community and the private sector in general to ensure that their systems are best in class.
“Whether it is other governments or criminal organizations, cybersecurity is the new battle front.”
While businesses can strengthen their defenses, Phair said a more effective approach would be for Australia to retaliate and launch its own cyber attacks against China.
He believes Australia’s Signals Branch – which heads the country’s cybersecurity and intelligence agency – could unleash our own virtual war.
“We have to put sand in the gears of these people who are doing it,” Phair said.
“We have to hurt them economically for them to say, ‘Actually, we’re not going to attack infrastructure in Australia. We are going to go elsewhere because these are fruits at hand.’
“We have to disturb them with a lot of force.”
But he warned that action must be taken quickly.
“I hope we never have a breakdown of a severity that degrades people’s lives,” Phair said. “It is hope.
“It might never happen – but it could happen this afternoon.”