South Australian power shutdown ‘just a taste of cyberattack'

Thursday 8 December 2016

We need 21st-century networks that have no centre: no main power station, no main water dam, no main interconnector, no main transport hub or central train station on which the rest of their particular networks depend.

This article by Professor Roger Bradbury was published by ANU Reporter

A one-day shutdown led to hundreds of millions of dollars in losses to the economy, disruptions to citizens’ lives and an unravelling of political, social and economic certainties.

Sure, South Australia has peculiarities that made it particularly susceptible to such an event. But the shutdown nevertheless shows in high relief the vulnerability of today’s interconnected systems of critical infrastructure.
What we saw then was not just a loss of the electricity network but also the shutdown of the other infrastructure networks: telecommunications, water, sewerage, transport, financial services, the Internet and so on.

Advanced Western societies have spent the past 30 years refining and interconnecting their critical infrastructure, improving their efficiency but also increasing their vulnerability. We’ve reached the point where the interconnections are more or less complete, so every critical infrastructure – energy, water, finance, transport or cyber – is dependent, to a high degree, on every other.

This interdependency means disruptions in one infrastructure quickly spread to all other interconnected systems. And because these infrastructures – with the exceptions of cyber and transport – are organised in a top-down hierarchy, it means if the disruptions can spread up to the top of the tree, they can then spread down to the rest of the network.

This is what happened in South Australia. Excessively hierarchical networks in key infrastructures enabled – one may say encouraged – the collapse of each of those networks.

A cyberattack would take advantage of these interdependencies and would look exactly like the chaos in South Australia. Such an attack would be initiated through the Internet rather than through the electricity system but a cyberattack would not stay inside the cyber system. It would spread to electricity, water, financial, transport and other systems big time. It would bring them to their knees.

How likely is it that we may suffer a full-blown cyberattack? And what may we do to reduce our vulnerability?

To answer the first question, we need to know several things about cyber.

The first is, at present, it would require the resources of a nation-state to launch a cyberattack of this magnitude. It would not be a terrorist job.

Making attacks less effective

A cyberattack would take advantage of these interdependencies.

The second is that such an attack would require the secret pre-positioning of offensive sleeper software inside our systems. A prudent state would do this as a matter of course as insurance against some future conflict with us.

The third thing to know is that it is nearly impossible for our counterintelligence and cyber-security agencies to fully sweep our interconnected critical infrastructure to be assured that no such hidden malware exists. This is the classic conundrum of intelligence: absence of evidence is not evidence of absence.

As a state, we would be prudent if we assumed that it is highly likely that our infrastructure systems have been penetrated. So the likelihood of an attack depends more on the geopolitical environment than on the security of our own systems.

One could imagine, for example, that Australia might wish to exercise, much to China’s irritation, our warships’ rights, in concert with our allies, to freedom of navigation in the South China Sea. One could then imagine a surgical cyberattack, even up to a South Australian scale, in Australia – an attack whose origin was impossible to attribute with certainty and that fell subtly below the threshold of an act of war.

While we cannot, today, prevent such an attack, we can do some things to make one less effective – and hence make our infrastructure less of a target to an adversary. And none of these things we can do means winding back the clock and making our infrastructures less interdependent.

We can have the efficiency and productivity benefits of highly interconnected infrastructure networks even as we tailor those networks to be much more resilient to inevitable attack.

And the most important single thing we can do with our networks is to make them much less top-down or hierarchical because this is the key source of vulnerability in any complex network.

We need 21st-century networks that have no centre: no main power station, no main water dam, no main interconnector, no main transport hub or central train station on which the rest of their particular networks depend. Instead, say for water or power, we need production and consumption everywhere in the network and we need that network to be smart and decisive everywhere.

Professor Roger Bradbury leads the Strategy and Statecraft in Cyberspace research program at the ANU National Security College.

Updated:  22 June 2018/Responsible Officer:  Director, Energy Change Institute/Page Contact:  Webmaster