Community takes fight for rail to the Supreme Court
Rail corridor between Glenfield and Macarthur earmarked for medium density
Rail Trail boost to tourism - and local economy
Newcastle rail case may be long wait
Save Our Rail questions semantics argument over rail line cut
North West Rail Link corridor to extend through to Marsden Park
Camurra West to Weemelah Line Booked Out of Use
Rail Trail full steam ahead
John Holland Commissions Electronic Train Orders
Closure of Newcastle rail stations not technically a closure of whole line, State Government lawyer says
SYDNEY’S transport and public utility systems are vulnerable to cyber-attacks that would cripple the city and create chaos for days, security experts have revealed.
Symantec’s Asia-Pacific chief technology officer Nick Savvides said a string of technical failures on Sydney’s rail network highlighted risks to the city’s internet-connected infrastructure.
“Critical infrastructure is absolutely a target for malicious actors because it can cause so much disruption — they can shut down the roads, they can shut down the trains or power generators to force us to live in darkness for a few days,” Mr Savvides said.
“And if an attack caused physical damage (like the broken track on the vital city circle section of Sydney’s train line) it could take weeks to restore.
“For a city like Sydney or Melbourne, that’s an absolute disaster.”
Emergency track work at Town Hall has City Circle trains operating in one direction only, clogging the Sydney Train network.Sydney’s infrastructure vulnerabilities included a tiny crack in a railway line near Town Hall, which severely disrupted train services on Monday and a signalling issue at Redfern that caused delays just days earlier.
These events followed chaotic scenes caused by another software failure of Sydney’s long-suffering train systems and an IT glitch that stranded thousands of passengers at the Virgin and Jetstar T1 and T2 terminals at Sydney Airport in March.
Coles stores were forced to close in mid-August because of a technical glitch impacting the supermarket’s cash registers, while digital problems have also caused drama for Commonwealth Bank, ANZ and NAB customers.
Passengers waiting in line due to hardware and technical issues at the Domestic Airport in Sydney earlier this year. Picture: AAP Image/Danny CaseyMr Savvides said much of our critical infrastructure was forced to become internet-connected despite running on outdated computer systems and technology.
“As the threat landscape changes, old technology might not be able to be properly protected against those threats because the life cycle is so long,” he said.
“When it comes to the security of IT systems, you have to update your laptop every few years, but when you’re running a train, you can’t go ‘we need 100 new trains every three years’.”
MORE: CYBER ATTACKS ARE AS BIG A THREAT TO AUSTRALIA
Mr Savvides also warned that hackers more often target critical infrastructure for financial gain rather than disruption.
“Cyber-criminals will often compromise this type of critical infrastructure and demand extortion before they shut down the system or destroy something,” he added.
Mr Savvides said Australia’s geographic isolation shielded it from physical attack but the cost effectiveness cyber attacks provided a different opportunity.
“It’s a very effective method for attack because it’s somewhat cheaper than sending tanks, trucks, guns and people,” he said.
The cracked rail at Town Hall which has cut off City Circle trains, clogging the Sydney network on Monday morning. Picture: Twitter / @TrainsInfoMcAfee Chief Technology Officer Ian Yip said while an attack to disrupt Sydney’s critical infrastructure and transportation was indeed possible, it would take “meticulous planning” and “a lot of smarts” to make it a reality.
“These things take a lot of planning, a level of reconnaissance and social engineering,” Mr Yip said.
“The ways these things work aren’t openly published for good reason, so you would need to do a lot of reverse engineering, obtain documents to understand what’s going on and the systems used.”
MORE: THE RISING THREAT OF CYBERCRIME
Earlier this year, the NSW auditor-general released a report that slammed a number of state government agencies for lacking a “whole-of-government capability to detect and respond effectively to cyber security incidents”.
“There is limited sharing of information on incidents among agencies, and some of the agencies we reviewed have poor detection and response practices and procedures. There is a risk that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage may be lost,” the report concluded.
“Given current weaknesses, the NSW public sector’s ability to detect and respond to incidents needs to improve significantly and quickly.”
Taking down the power would cause traffic chaos similar to when a blackout saw the M5 East closed in both directions between General Holmes Drive at Mascot and King Georges Road at Beverly Hills. Source: Channel 7.A Department of Finance, Services and Innovation spokesman said government welcomed the recommendations in the Auditor-General’s report and was working with all agencies.
“Cyber security is an evolving threat which is why the government created the position of Government Chief Information Security Officer (GCISO) to improve cyber security co-ordination and support across agencies,” the spokesman said.
“The GCISO is also working with federal bodies including the Australian Cyber Security Centre to share information and best practice.”
MORE: INTERNET-CONNECTED DEVICES A TARGET
The spokesman added $4.8 million had been allocated to the GCISO to bolster cyber security systems across all agencies.
“These (systems) have included a new cyber security framework designed to protect the government against cyber-attacks, the establishment of a dedicated team to respond to significant cyber incidents, and regular cyber security exercises among agencies and other stakeholders,” the spokesman said.
This article first appeared on www.dailytelegraph.com.au
About this website
Railpage version 3.10.0.0037
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest is © 2003-2019 Interactive Omnimedia Pty Ltd.
You can syndicate our news using one of the RSS feeds.