iTnews

Chevron Australia has 'reservations' at govt asserting itself in a cyber attack response

By Ry Crozier on Nov 10, 2020 11:48AM
Chevron Australia has 'reservations' at govt asserting itself in a cyber attack response

Calls proposed powers 'unusual'.

Chevron Australia has expressed “reservations” at a government push for new powers to assert control in response to a cyber security incident.

As reported by iTnews yesterday, there is already widespread alarm at the prospect of the government inserting itself into incident response and its ability to both take control and remediate a threat, particularly if the target has regional or global infrastructure and operations.

Under the proposed laws, the government could install programs, “access, add, restore, copy, alter or delete data”, alter the “functioning” of hardware or remove it entirely from the premises.

Chevron - a major liquefied natural gas producer - said it had “reservations about [the] government unilaterally taking over response to a cyber incident.”

“There is the risk of damage to process control systems but there is also the possibility that the attack may not be restricted solely to Australia’s critical infrastructure,” information systems manager Annie Chi wrote in a submission [pdf] to Home Affairs.

“Chevron provides energy services across the world and it is conceivable that the adversary may be launching a global attack. 

“Response to such a global attack would need to be coordinated across company systems, therefore a policy that allowed [the] government to unilaterally take over response in Australia would preclude a coordinated response across the company and may lengthen actual recovery of services.”

Chevron said it was unclear if the Australian government could or would remediate a threat in its entirety.

“As an example, the Australian government response may eradicate the intruder on Chevron Australia’s systems, but the attacker may still persist within other Chevron systems in other countries and could relaunch the attack into Australia,” Chi wrote.

“It is unclear whether the Australian government would be able to address Chevron systems in other countries.”

Chevron said the “concept of a government declaring an emergency and taking over [cyber security incident] response is unusual.”

“US critical infrastructure regulation, as an example, does not have such a concept,” Chi wrote.

“Critical infrastructure companies are required to protect their own environments. Government resources are available to assist but only on a voluntary basis.

“The government may take over incident response at a company but only if the government were asked to work the incident by the company.”

Chevron said it should retain ultimate control over incident response, as its own security operations centre and team was best-placed to formulate a response.

“[Our] view is that private industry should continue to have the primary responsibility of responding to cyber attacks and protecting corporate assets,” Chi wrote.

“Government can assist with sharing information on latest threats so that corporations may be better prepared as well as maintaining response services which may be voluntary called upon by a corporation if necessary.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
australia chevron cyber security gas incident response industrialit lng miningit process control security software

Partner Content

MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Improving returns from SD-WAN spending
Sponsored Content Improving returns from SD-WAN spending
NCS expands into Australia in partnership with Optus Enterprise
Sponsored Content NCS expands into Australia in partnership with Optus Enterprise

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity
Building a ransomware remediation backup strategy
Building a ransomware remediation backup strategy

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
By Ry Crozier
Nov 10 2020
11:48AM
0 Comments

Related Articles

  • TikTok tells Australia government it will make source code available for inspection
  • Santos looks to further optimise its identity platform
  • Mimecast says hackers hijacked its products
  • Apple loses court case against security vendor Corellium
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra pilots its first neurodiversity recruitment program

Telstra pilots its first neurodiversity recruitment program

Update Chrome or risk remote takeover, US govt warns

Update Chrome or risk remote takeover, US govt warns

Accellion hack behind Reserve Bank of NZ data breach

Accellion hack behind Reserve Bank of NZ data breach

Google unravels state-of-art Android and Windows exploit chains

Google unravels state-of-art Android and Windows exploit chains

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.