Australian Critical Infrastructure: Sabotage and Insider Threat

In February 2024, the Australian Security Intelligence Organisation (ASIO) said the sabotage threat in Australia could re-emerge, particularly for critical infrastructure. ASIO is seeing both terrorists and spies talking about sabotage, researching sabotage and conducting reconnaissance for sabotage.

The most immediate, low-cost and potentially high-impact vector for sabotage is cyber. Australia’s critical infrastructure networks are interconnected and interdependent, increasing the collective vulnerabilities and potential access points.

The Optus telecommunications outage of 2023, which spanned less than one day, inflicted cascading effects across a swath of Australian society and economy. Essential services that people take for granted proved to be fragile. Imagine the consequences if sabotage disabled all the telecommunications networks, or turned off the electricity, for days. Society would cease to function.

This is not hypothetical: ASIO notes that foreign governments have highly skilled cyber teams investigating these possibilities, although the consequences may materialise only during conflict or the prelude to conflict. Russia has used cyber attacks and kinetic means to destroy Ukraine’s critical infrastructure.

ASIO is aware of one nation state conducting multiple attempts to scan critical infrastructure in Australia and other countries, targeting water, transport and energy networks. ASIO assesses the state is not actively planning sabotage but is trying to gain persistent undetected access that could allow it to conduct sabotage.

Sabotage can also be undertaken by insider threats – employees and contractors whose legitimate access to an entity’s assets enables them to carry out sabotage. Australia’s Security of Critical Infrastructure (SOCI) Act mandates that SOCI entities have an insider threat program.

Over the last 18 months, ASIO has seen an increase in the number of nationalist and racist violent extremists advocating sabotage in private conversations, both in Australia and overseas. ASIO has seen them talking of attacks on power networks, electricity substations and railway networks. In the United States, extremist attacks on critical infrastructure are growing in number, sophistication and impact.

One person – the trusted insider – may have the capability to inflict enormous and consequential damage to critical infrastructure.

Takeaway message?

Australian critical infrastructure assets are targets: some will now be penetrated through cyber means and have resident insider threats.

In our increasingly polarised society, do SOCI entities understand whether their candidates, employees and contractors hold views inimical to the SOCI business, views which might lead to sabotage?

SOCI entity boards and executives need to act now, informed by their CIRMP and cyber security plans, to mitigate the risks of sabotage and insider threat.

Adash Janiszewski

Chief Executive Officer

Adash is Providence’s CEO and is responsible to the Providence Board and Providence’s clients for ensuring the timely delivery of outcomes through advice, guidance and mentoring to Providence’s staff.