51 critical infrastructure organisations breach in 2012: report

Powered by SC Magazine

Nine lost proprietary data.

A new report has found fifty one critical infrastructure operators in Australia have been breached in the last year with nine losing proprietary information.

The Cyber Crime and Security Survey Report (pdf), commissioned by CERT (Computer Emergency Response Team) Australia and authored by the Centre for Internet Safety, received 255 responses from organisations operating systems of national interest. The organisations came from sectors including energy and water utilities, defence, communications and finance.

Ten of those breached organisations had experienced more than 10 breaches in the last year. 


Most breaches were due to theft of devices, automated hack tools, software vulnerabilities, and mis-configured operating systems, applications or network devices.

Twenty two breaches were caused internally, the same number as those which reported attacks to police.

Ten kept the incident quiet "because of the fear of negative publicity" and 36 did not think the attacks warranted law enforcement investigation.

Of those organisations which reported breaches, eight claimed the incidents were not investigated, ten did not know the outcome of an investigation, and four reported a person was charged as a result.

Most surveyed organisations had standard security technologies in place while 153 had intrusion detection systems. Two-thirds possessed documented incident management plans, but only 31 had forensic plans in place.

Half of the organisations increased security spend over the last year and considered attacks against them to be targeted.

Most respondents from the energy, water and transport sectors said they were part of the Federal Government's Trusted Information Sharing Network (TISN), housed within the Attorney General's Department alongside CERT Australia.

The TISN was a platform for organisations of national interest to share information about their networks with the agency under non-disclosure agreements in return for non-public security intelligence. The initiative aimed to provide the Federal Government with good insight into potential vulnerabilities into critical infrastructure networks, and to make operators more resilient.

Copyright © SC Magazine, Australia

51 critical infrastructure organisations breach in 2012: report
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.