An expert who advised the prime minister ahead of the government's Cyber Security Strategy has shared his grave concerns about the security of critical infrastructure in Australia.
Dr Tobias Feakin, head of the Australian Strategic Policy Institute's International Cyber Policy Centre, was speaking as part of a panel at SINET61 in Sydney this week.
"Naming no names," he said, "I've been party to conversations with some very large infrastructure delivery companies where that cyber security discussion is not happening at the board level.
"So the drop off point seems to be quite sharp in the critical infrastructure scene in Australia. That concerns me."
Feakin was appointed by prime minister Malcolm Turnbull to be part of a panel of experts to advise on the Australian Cyber Security Review in 2014. Though a classified document, the ideas within the review underpin this year's Cyber Security Strategy.
No measures to secure critical infrastructure are put forward in the strategy, aside from a mention that the Australian Cyber Security Centre was "improving its links to critical infrastructure providers".
Feakin revealed that the panel had had "a conversation" around critical infrastructure protection but said "there's more work to be done".
Power play
The expansion of the Internet of Things and the rise of smart cities required a better understanding of where vulnerabilities lay, Feakin said.
"I do think we reach a juncture where we're not comprehending what's critical, where those nodes exist, where the interdependencies lie," said Feakin. "With increased roll out of government services online, increased data pools existing, I'm not quite sure we're clear let alone where physical infrastructure is, but where that [digital] part of infrastructure is. We're struggling."
A 2014 study from Unisys revealed that 86 per cent of critical infrastructure providers in Australia and New Zealand had suffered a breach that led to the loss of confidential information or disruption of operations.
The politics and power plays happening in the APAC region were also a concern, Feakin added.
"[Infrastructure] is not being done with cyber security baked in at a level I think is necessary. Especially when you're overlapping that with the kind of strategic change that we're seeing in this region which invariably does play a role in everything we see in the cyber domain.
"We see everything going on in the physical world being reflected in the cyber domain."
Although it sounded like a "dangerous mix", Feakin said the situation represented a "tremendous opportunity" in Australia for government and industry to collaborate and propose policy in the area.