The ACSC is the Australian Government’s centre for technological expertise, advice and support for operational technology. Through analysis, assessment and stakeholder engagement, the ACSC develops, maintains and imparts knowledge of the risks and opportunities associated with the increasing convergence of information technology and operational technology.
Operational technologies encapsulate the rapidly changing technological landscape that underpins, drives and supports critical infrastructure. Increased cyber-connectivity, and greater participation in, and reliance on, global supply chains means critical infrastructure is more vulnerable than it has ever been.
Aligning operational technology with information technology practices, principles and technologies brings many benefits, however, it also introduces new types of risks. A cyber attack on an operational technology system can have consequences in the physical world which, if left unmitigated, can have a potentially major or deadly impact on society and the Australian way of life.
Implementing operational technologies in a secure manner, and managing the associated risks, presents many unique challenges, including:
- communications protocols engineered without security controls
- the requirement that engineering systems be re-tested and certified after upgrades
- life-cycles (20 – 50 years) of operational hardware
- the introduction of new information technology protocols into operational technology environments
- the increased risk that comes with connection to untrusted networks, such as the internet.
Protecting Industrial Control Systems
Industrial control systems are essential to our daily life. They control the water we drink, the electricity we rely on and the transport that moves us all. It is critical that cyber threats to industrial control systems are understood and mitigated appropriately to ensure essential services continue to provide for everyone.
Industrial Control Systems Remote Access Protocol
External parties may need to connect remotely to critical infrastructure control networks. This is to allow manufacturers of equipment the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe. Such access to external parties will only occur in extraordinary circumstances, and will only be given at critical times where access is required to maintain the quality of everyday life in Australia.