
Chinese hackers target Australian energy company

Chinese hackers came within minutes of shutting down a series of power stations capable of lighting three million homes in a sneak cyber attack of a sort experts warn is becoming increasingly common – and which could be used to limit Australia’s ability to respond to a military crisis in the future.

On November 27, Queensland’s CS Energy was subjected to a sustained ransomware attack which sources familiar with the matter say was only stopped at the last minute before it had the potential to shut down the company’s two thermal coal plants.

Had the attack been successful, it could have taken 3500 megawatts of power out of the grid – enough to power between 1.4 and three million homes – illustrating the devastating potential of cyber attacks to cripple the nation.

While the company separated its corporate and operational systems before the hackers were able to affect power generation, sources familiar with the incident say the attackers were less than an hour away from being able to shut down the generators.

Even without hitting the generators, the attack managed to disable a number of the company’s corporate systems with many employees still not having access to emails.

The incident was not a one-off. Intelligence sources say the number of cyber attacks being directed at Australia has reached a disturbing level.

Assistant Minister for Defence Andrew Hastie told The Daily Telegraph: “The cyber threat environment has deteriorated significantly … I’m deeply concerned about the increasing pace of foreign influence attempts and espionage, as well as criminal and state sponsored cyber activity against Australia.”

Numerous reports suggest foreign actors such as China and Russia are seeking the ability to shut down power supply grids and other critical infrastructure, ranging from banking systems to food supply chains, for their own strategic purposes.

In 2020-21 the government’s Cyber Threat Report found a 15 per cent increase in ransomware attacks from the previous year, with a cyber attack occurring every eight minutes.

Last year the Joint Parliamentary Committee for Intelligence and Security heard it was “100 per cent possible” foreign states already had a “dormant” presence on local critical infrastructure networks that could be activated over the course of a conflict.

Illustrating the impact such attacks can have, when Russian hackers attacked a major petrol pipeline in the US earlier this year, it led to severe petrol shortages and economic chaos across the east coast of America, which took weeks to work through.

The Nine Network suffered a crippling ransomware attack this year, blamed on Russian hackers, that disrupted live programming and caused weeks of disruption.

The committee was also told Russia or China may use “precursor operations” to “prevent the opposing power from being able to project power”.

Committee Chair Senator James Paterson said it was urgent that legislation reforming emergency powers to help the government assist private companies fight foreign cyber threats was passed.

Among the reforms the government is pressing for are the expansion of the definition of critical infrastructure to include greater areas of the economy, including health care, food distribution and transport, as well as the introduction of an incident reporting regime and making government assistance more easily available.

“Our cyber vulnerabilities are increasing in complexity for two reasons: firstly, the increasingly interconnected digital nature of our lives,” Mr Paterson said.

“And secondly, because of the evolving security environment in the Indo-Pacific region, particularly China’s willingness to use every domain available to achieve its geostrategic objectives, including the cyber realm.

“We’ve called out those nations who seek to subvert a peaceful cyberspace, and are investing $1.35bn to keep Australians safe online and go after criminals offshore to destroy their operations.”

In a statement, company CEO Andrew Bills said: “CS Energy moved to contain this incident by segregating the corporate network from other internal networks.”

Source: The Daily Telegraph