Government changes plan on rail line (Prevents any railed vehicle from using rail line)
Sydney suburban fleet modernisation contract awarded
Opal takeover: Pensioner Excursion and TravelTen tickets cut from next year
Rail corridor worth up to $3.8m, depending on development constraints
Sydney Rail Workers Sick And Tired Of Violent Commuters
Sydney grandfather leaps into path of oncoming freight train after baby girl in stroller falls on tracks
Labor hopeful Jodi McKay backs government on rail plan
What Sydney needs to transport us to the future
South West Rail Link trains drivers warned to slow down
Sydney Trains boss critical of $344m upgrade of Cronulla to Sutherland railway line
Anti-hacking defences put up by Sydney Trains and Transport for NSW were no match for a simulated cyber attack orchestrated by a government watchdog, a new report reveals.
The “red team” hacking exercise conducted by the NSW Auditor-General revealed “significant weaknesses” in the agencies’ cyber security schemes, the watchdog wrote in the report released on Tuesday.
“Transport for NSW and Sydney Trains are not effectively managing their cyber security risks,” Auditor-General Margaret Crawford wrote in the report.
“Significant weaknesses exist in their cyber security controls, and both agencies have assessed that their cyber risks are unacceptably high.”
The report also notes that few staff members at the agencies have received basic cyber security training and that executives do not receive regular detailed cyber risk briefings.
“As a result, neither agency is fostering a culture where cyber security risk management is an important and valued aspect of executive decision-making,” Ms Crawford wrote.
Anti-hacking defences put up by Sydney Trains and Transport for NSW were no match for a simulated cyber attack. NCA NewsWire/Dylan Coker Credit: News Corp AustraliaThe test was conducted by allowing “authorised attackers” to try to penetrate the computer systems.
The “red team” also tested the security of some of the train systems’ physical sites that were relevant to cyber security, the report said.
Transport for NSW and Sydney Trains were made aware in advance that the test would occur.
The exercise revealed security holes that the agencies weren’t previously aware of, it was revealed.
The agencies fought to suppress exactly what those weaknesses were because they feared revealing the vulnerabilities could expose them to further attacks.
“TfNSW and Sydney Trains have advised that in the six months from December 2020 and at the time of tabling this audit report, they have not yet remediated all the vulnerabilities identified,” Ms Crawford wrote in a foreword.
“As a result, they, along with Cyber Security NSW, have requested that we not disclose all information contained in this audit report to reduce the likelihood of an attack on their systems and resulting harm to the community.
“I have conceded to this request because the vulnerabilities identified have not yet been remediated and leave the agencies exposed to significant risk.”
The report also revealed there was resistance from inside the NSW Department of Customer Service to the “red team” method of testing the cyber defences at the transport agencies.
This article first appeared on www.perthnow.com.au
About this website
Railpage version 3.10.0.0037
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest is © 2003-2021 Interactive Omnimedia Pty Ltd.
You can syndicate our news using one of the RSS feeds.