Australia’s more than 11,000 critical infrastructure (CI) operators have new ways of defending against cyber attacks after the launch of a new centre of excellence (CoE) on Queensland’s Sunshine Coast, dedicated to protecting CI.

A team of 18 volunteers is bootstrapping the new Critical Infrastructure Information and Sharing Analysis Centre (CI-ISAC), which has launched an internship program and is looking to hire permanent staff as it ramps up its role to support the organisations covered by the Security of Critical Infrastructure (SOCI) Act 2018.

By expanding the definition of ‘critical infrastructure’ from four to eleven industry sectors – including data storage and processing, healthcare, transport and other key areas – the SOCI Act has increased the urgency for companies in those sectors to strengthen their cyber security protections.

Among its mandates is a requirement that CI operators report cyber incidents to government authorities within 12 hours of the attack’s discovery – which has forced such organisations to become far more proactive in monitoring and responding to cyber incidents.

Designed as a member-driven, community-first not for profit, the Maroochydore based CI-ISAC will support CI operators that are rushing to meet SOCI Act obligations.

Whereas existing Information Sharing & Analysis Centres (ISACs) are focused on specific sectors, CI-ISAC’s approach to threat information sharing has been designed to help the many CI public and private sector companies that are, the organisation notes, “lacking the knowledge, resources or capabilities to effectively participate.”

“The strength of the CI-ISAC model comes through the knowledge that cyber criminals often use the same techniques to not only target organisations within a specific industry sector, but across other sectors,” said co-founder Dr Scott Flower, calling the new facility the world’s first ISAC designed to operate across many sectors.

“A real challenge for business leaders in these critical sectors is knowing how best to invest in appropriate cyber defences,” he continued.

“By joining CI-ISAC they will gain access to knowledge and practical advice that can prevent them becoming the latest statistic in the never-ending war against cyber criminals.”

Assessing the latest casualties

Better support for critical infrastructure operators will be invaluable for Australian businesses that have felt the brunt of the ongoing surge in cyber criminal activity – with healthcare organisations, one of the sectors designated as critical infrastructure operators in the SOCI Act overhaul, particularly targeted.

Western Sydney’s Crown Princess Mary Cancer Centre, located within the Westmead Hospital, became the latest in a string of healthcare facilities to be targeted by attackers as cyber criminals – reportedly part of the Medusa cyber extortion gang – demanded a ransom to prevent the release of confidential medical records within days.

Last week, Medusa published 100GB of confidential data – including students’ psychological reports, details of special needs students, and documented abuse allegations – after its ransomware compromise of the Minneapolis Public School District.

The frequency and severity of the attacks has driven a crisis of confidence in the healthcare sector, according to a new Trellix survey of 1,000 Australian cybersecurity professionals that found 83 per cent of healthcare respondents don’t feel their organisation can quickly adapt to new cyber threats.

Fully 60 per cent of respondents feel like they’re losing the battle against cybercriminals, the survey found, with 42 per cent acknowledging the existence of “blind spots” in their cyber security defences – even as healthcare organisations are pummelled with nearly 50 cyber security incidents every day.

Some 71 data breaches involving health service providers were reported during the second half of 2022 alone, according to Office of the Australian Information Commissioner (OAIC) statistics that showed financial services (68 breaches) and insurance (42 breaches) remain the most frequently hit by breaches.

The frequency of malicious or criminal attacks increased by 41 per cent over the first half of last year, the OAIC said, with 46 such attacks against financial services companies and 37 against health service providers.

“The decision to pay or not to pay the ransom is nuanced, and nowhere is this more apparent than in the healthcare industry,” said Palo Alto Networks field chief security officer APAC Alex Nehmy.

“Patients’ medical data, and in some cases their access to life-saving medical care, need to be considered and will likely take precedence.”