Security of Critical Infrastructure Act 2018 –

Mandatory Cyber Incident Reporting
Initial guidance for Critical Infrastructure Sectors

if you are a cyber security team member in any role working for any of the 13 critical infrastructure sectors under the SOCI Act Obligation, you must familiarise yourself with the requirements of the SOCI Act. There is a broader organisational, national and community benefit as well as purpose to the regulation and knowing your role in making meaningful contribution to this purpose will take you a long way in your career.

One of the SOCI Act obligations in Mandatory Cyber Incident Reporting within 12 hours of becoming aware of a critical cyber incident (there are provisions, see PDF). For your awareness, you may enquire with your Security Operations team of the process flow for incident reporting related to SOCI. There should be a specific role or individual responsible for picking up the phone and calling the number in the infographic below. As an exercise, you can find out who that person is in your organization. To your surprise the person or role, may not be a part of the cyber security team, varies from organisation to organisation.

You can also bookmark this direct linkĀ – https://www.cisc.gov.au/resources-contact-information-subsite/Documents/mcir-guidance.pdf

Commonly found SCADA / IOT/ OT / ICS security issues

Commonly found SCADA / IOT / OT / ICS security issues

Purdue model

Perdue Model ICS Security
https://www.zscaler.com/resources/security-terms-glossary/what-is-purdue-model-ics-security
  • Applying traditional corporate IT policies to the SCADA environment
  • Default passwords
  • No segregation of network/duties
  • RTUs PLCs can be accessed through a web interface
  • Obsolete OS, missing patch levels, lack of AV support in fear of system disruption
  • No application and OS hardening
  • Some common ports are enabled (SSH, SNMP, telnet) potentially vulnerable to DOS attack
  • Control Room with full access and auto logins
No alt text provided for this image
0.png
0
NN-Deployment-Architecture-SG-18-5

Vendors

Hirschmann, Tofino, ProSoft, Claroty, and Forescout., Nomzi, Dragos