Tackling the evolving cyber challenges in our industrial sector

Australia’s manufacturing, processing and mining industries are cornerstones of the economy, and heavily reliant on instrumentation, process control and automation systems to drive operational efficiency. These operational technology (OT) environments, however, face escalating cybersecurity risks as they become more interconnected with IT systems and external networks, requiring organisations to introduce robust cybersecurity measures to secure them.

The growing threat landscape

The 2023–24 Annual Cyber Threat Report highlighted a 13% increase in cyber incidents targeting critical infrastructure, with manufacturing and mining among the most affected. Legacy OT systems, often designed without security in mind, are particularly vulnerable. For instance, unpatched HMIs or PLCs can serve as entry points for attackers.

Recent examples underscore the real-world impact of these threats. A 2020 ransomware attack on a major Australian manufacturer saw local wool and dairy deliveries brought to a halt. In 2021, an attack on one of the world’s largest meat processors left Australian grocery stores with bare shelves.

As OT environments increasingly adopt IoT devices and cloud-based solutions, their attack surface expands, necessitating proactive cybersecurity strategies.

Collaboration between OT owners and cybersecurity stakeholders

A close working relationship between the owners of process control networks — engineers and operators managing OT systems — and cybersecurity stakeholders, including IT security teams and third-party consultants, is essential for securing industrial environments. Historically, OT and IT teams operated in silos, with differing priorities: OT focused on uptime and safety, while IT emphasised data security. This disconnect can lead to misaligned security policies, leaving gaps in protection. For example, OT engineers might prioritise system availability over applying a security patch, inadvertently exposing the network to exploits.

In Australia, fostering collaboration is critical to bridging this gap. Regular cross-functional workshops, joint risk assessments and shared governance models can align objectives. For instance, integrating OT-specific threats into enterprise-wide security operations centres (SOCs) ensures real-time threat detection without compromising operational continuity. Companies like BHP have implemented such models, embedding cybersecurity experts within OT teams to enhance threat response. This collaborative approach ensures that security measures respect the unique constraints of OT environments, such as avoiding downtime during production cycles.

The critical role of asset inventory

An accurate, up-to-date asset inventory is the foundation of effective OT cybersecurity. Without a clear understanding of all devices, software and connections within a process control networks, organisations cannot identify vulnerabilities or prioritise mitigation efforts. In Australia’s mining sector, sprawling operations with legacy and modern systems often lack comprehensive asset visibility. A 2022 ACSC report noted that 60% of critical infrastructure operators struggled to maintain complete asset inventories, hindering incident response.

Implementing automated asset discovery tools can address this challenge. These tools map OT networks, identifying devices like PLCs, SCADA systems and IoT sensors, while cataloguing firmware versions and network dependencies. By maintaining a dynamic inventory, organisations can prioritise patching, segment networks and detect anomalies, significantly improving cybersecurity outcomes.

Secure access methods for modern OT environments

Secure access to OT networks is another critical pillar of cybersecurity, but traditional methods like shared credentials or unencrypted remote access are no longer sufficient. The rise of remote operations in mining and manufacturing, accelerated by the COVID-19 pandemic, has increased reliance on remote access for maintenance and monitoring. However, weak access controls are exposing these OT systems to external threats. The 2021 Colonial Pipeline attack in the US, though not Australian, highlighted how compromised remote access can cripple operations.

Modern OT environments require secure access solutions like Zero Trust Architecture (ZTA) and multi-factor authentication (MFA). ZTA verifies every access attempt to the process control network, regardless of location, reducing the risk of unauthorised entry, while MFA adds additional layers of protection, ensuring that even stolen credentials cannot be easily exploited. Australian firms are increasingly adopting these methods, with one WA mining company reducing unauthorised access attempts by 80% after implementing ZTA in its SCADA systems.

Conclusion

Australia’s instrumentation, process control and automation industries face a complex cybersecurity landscape, driven by digital transformation and evolving threats. By fostering collaboration between process control network owners and cybersecurity stakeholders, maintaining comprehensive asset inventories and implementing secure access methods, organisations can significantly enhance OT security.

*Leon Poggioli is Regional Vice President ANZ at Claroty, a technology company focused on cybersecurity for industrial and healthcare environments. In his role, Leon is committed to protecting Australian organisations against cyber attacks, particularly the critical infrastructure that keeps our nation running.

Top image credit: iStock.com/Traitov