
CAPA's Threat Watch - November

  • Writer: Paige Haines
  • Oct 27

Updated: Nov 12

ASD warns of rising cyber risks for the electricity sector


ASD has publicly released its Annual Cyber Threat Report 2024-2025, disclosing some notable statistics on incidents affecting Australia's critical infrastructure sector over the course of the financial year.


According to the ASD, the top three cyber security incident reports in our sector pertain to a compromised asset, network, or infrastructure; DoS or DDoS attacks; and compromised account credentials. As for those executing such attacks, the ASD notes that state-sponsored threats are tenacious, motivated by financial gain.


Of these adversaries, APT40 made a dedicated appearance. This adversary targets networks housing end-of-life or no-longer-maintained devices. Given the nature of critical infrastructure (CI), this makes our sector the perfect one to target, as we continuously wrestle with the disjointed nature of legacy and modern systems and protocols.


It was also noted that incidents within the space increased from 11% the year prior (2023-2024) to 13% (2024-2025), with the most common adversarial activity types being scanning and reconnaissance at 41%, DoS/DDoS at 31%, and phishing at 20%.


Despite the electricity sector itself not falling within the top three divisions for cyber-related incidents, it is an important reminder that we can never get too comfortable when navigating the DER transition from legacy to new-age technology and inter-connectivity.



Five Eyes accuses China of espionage attempts against critical infrastructure sector


Mike Burgess, regarded as Australia's top intelligence chief, has accused Chinese state-sponsored threat actors of attempting to infiltrate Australia’s critical infrastructure and telecommunications networks.


Burgess warns that "unprecedented levels of espionage" are being witnessed of late, costing the economy an estimated $12.5 billion (2023-24). Having noted in a previous address that Australia is “getting closer to the threshold” for sabotage, Burgess amended this statement, warning “we’re there now”.


Burgess referenced the hacking groups Salt Typhoon and Volt Typhoon, to which attacks targeting our telecommunications infrastructure, both in Australia and in the United States, are largely attributed. He highlighted that these attacks “gave China the ability to turn off telecommunications and other critical infrastructure” as a result of probing the industry’s infrastructure "aggressively".


The ASIO director-general encourages business leaders to find methods of systems hardening and to apply more restrictive protections to sensitive data, emphasising the “devastating” outcome if mitigations aren’t implemented quickly.


Burgess noted that sabotage of our critical infrastructure could “cost the economy $1.1 billion per incident”, with a week-long disruption costing $6 billion. Burgess notes that such attacks pertain to “growing levels of grievance, conspiracy and anti-authority beliefs”, which are resulting in more aggressive, reckless, and dangerous “high-harm activities”.


Mike Burgess’s address reminds us to be cyber-ready, with increased and informed real-time monitoring of our DER assets for any anomalous behaviour, and of the importance of strong collaboration between government, industry, and operators.

