Australia joins US-led drive to hold software manufacturers more accountable for cybersecurity


The rising use of technology in manufacturing supply chains means the sector is more at risk of cyber breaches. Assessing the threat level to companies from cybercriminals is not easy.

The sensitive nature of the topic and the potential damage, both financial and reputational, that cyberattacks can wreak result in a whole new level of threat.

This is why Australia has joined a US-led effort to shift the burden of responsibility for cybersecurity from end users to software developers.

In particular, the Australian Cyber Security Centre (ACSC) issued a statement in collaboration with its Five Eyes counterparts in the United States, United Kingdom, Canada, and New Zealand, as well as Germany and the Netherlands, urging software vendors to take urgent steps to prioritise security in their products.

These cybersecurity authorities – referred to as “authoring organisations” – are aware that communities may seek cost-savings and quality-of-life enhancements through the digital transformation of infrastructure to create “smart cities.”

“Smart cities,” which are attractive targets for malicious cyber actors, refers to communities that integrate information and communications technologies (ICT), community-wide data, and intelligent solutions to digitally transform infrastructure and optimise governance in response to citizens’ needs.

Risk to smart cities

Through technological innovation and data-driven decision-making, smart cities may build safer, more effective, and more resilient communities; however, this opportunity also introduces potential vulnerabilities that, if exploited, could have an impact on critical infrastructure operations, national security, economic security, and public health and safety. 

The link between operational technology (OT) systems and smart city infrastructure expands the attack surface and heightens the possible implications of compromise, and cyber threat activity against OT systems is increasing globally.  

Automation of infrastructure operations

By automating processes, such as wastewater treatment or traffic control, smart cities can increase efficiency. Automation lessens the need for those systems to be directly controlled by humans. Improved uniformity, dependability, and speed for standardised procedures are also possible with automation.

However, automation can also increase the number of remote entry points into the network (e.g. IoT sensors and remote access points) and lead to new vulnerabilities. Real-time incident response may be hampered by the volume of data and complexity of automated processes, including reliance on third-party providers to monitor and manage operations, which can restrict visibility into system operations.

Secure planning and design

According to the authoring organisations, communities should build proactive cybersecurity risk management procedures and strategic vision into their plans and designs when integrating smart city technology into their infrastructure systems. New technology should be incorporated into existing infrastructure systems thoughtfully and intentionally.

Local governments should make sure that any “smart” or connected elements they intend to include in new infrastructure are secure by design and include secure connectivity with any lingering legacy systems.

Communities should also be mindful that secure deployment of smart city systems may necessitate a redesign of existing infrastructure.

Planning for security should prioritise defence in depth, take into consideration both physical and cyber risk, and take into account the converged cyber-physical environment that IoT and industrial IoT (IIoT) systems bring about.