During 2020-21, a quarter of reported cyber attacks in Australia were targeted at critical infrastructure, with organisations providing essential services, including education, health, communications, electricity, water, and transport most at risk.
In the UK, 70% of cybersecurity decision-makers of critical infrastructure also reported a rise in attacks.
Mitch Deam, Director and Chief Compliance Officer at Trendspek, comments, “Cyber attacks on critical infrastructure around the world are on the rise, with debilitating impacts on necessary services.
“For many, this means an increasingly challenging balancing act between conducting vital condition inspections of ageing and often decaying assets, and keeping structural and operational data about those same assets secure.”
In the UK, where assets that enable water, energy, transport and communication have been in place for decades or longer, asset condition inspections allow the identification of minor and major defects, and tracking of their progress over time, to inform maintenance planning, and avoid catastrophic failures.
In Australia, where assets are often earlier in their lifecycle, regular assessments help prevent such defects even occurring, and increase the efficient lifespan of critical infrastructure for longer, the company states.
Deam says, “Traditionally, asset condition assessments have been carried out by onsite inspection – people dangling precariously from heights, or on cherry pickers, taking photographs.
“Those photos, hundreds or more of them, were often stored anywhere from desktops to unprotected cloud-based filing systems, and in better situations, more secure locations.”
“That’s potentially hundreds of images of our water, energy and transport infrastructure, as well as key properties, made easy pickings for international hackers looking to cause major disruption and leverage system vulnerabilities for personal gain," he says.
More recent advances in the asset condition assessment industry have delivered new software that allows drone or robot capture to translate hundreds of thousands of data points in a point cloud, into stitched together digital twins and 3D Precision Reality Twins.
This new digitised system of asset inspection saves critical infrastructure groups millions of dollars in maintenance, and delivers more sustainable services, both through prevention and more accurate planning, the company states. However, the capture of millions/trillions of data points for infrastructure assets, means prioritising the security of this information - yet not all new platforms adhere to the same rigorous security standards.
Deam says, “Precision Asset Intelligence (PAI) software - which is one of the most advanced asset modelling platforms available today - is security-first, by definition.
“For our software Trendspek to be considered PAI, it must adhere to strict security principles and as such, we have just achieved recertification of ISO27001 for a fourth year running and recently been successfully certified for ISO27701 - the first in our class to do so.
"Given the increased attacks on infrastructure that support the absolute essentials in our lives, my concern is that so many other new and traditional systems aren’t holding themselves to the same security standards.”
In Australia, ACSC received a 15% increase in reported attacks in 2020-21, with government and infrastructure identifying 14 incidents of removal or damage of intellectual property, and 44 incidents of attacks on critical national infrastructure supply chain.
With the outbreak of the Russo-Ukraine conflict, global critical infrastructure suppliers have highlighted increased attacks, and Denmark’s Broadcasting Corporation has reported the Russian military is mapping offshore wind farms, gas pipelines and power and internet cables in the waters off their coast.
The UK government acknowledged the increased risk in June, issuing an unprecedented warning about cyber threats to its critical infrastructure.
However, while the focus on security has increased, major assets around the world have continued to suffer incidents, with bridges, dams and other infrastructure experiencing various failures that could have been prevented with more frequent and better condition assessment.
Deam says, “As the cyber-risk heightens - and it will continue to do so - there is the temptation to take backwards steps, but that is where new technology providers, like us, have to lead the way with security-focused solutions.
“There will always be lessons to learn and continuous upgrades and advances to implement, but we can’t just trade off increased safety and longevity of our assets, and productivity of our people, solely for security - we have to find that balance between the two, and that is a key mission for us.”