A/NZ critical infrastructure industry to see big security uplift

By Dylan Bushell-Embling
Tuesday, 28 November, 2023

Critical infrastructure owners and operators across Australia and New Zealand are expected to implement major cybersecurity improvements next year as new regulatory requirements take effect, according to experts from Nozomi Networks.

The company’s Regional Senior Director, Anthony Stitt, noted that the grace periods for the implementation of new Security of Critical Infrastructure requirements implemented by the Australian Government in 2018 are coming to an end.

“[This means] we’ll see regulated critical infrastructure providers continue to uplift their OT and IoT security posture. Interest from non-regulated adjacent industries is high and more organisations will begin the journey,” he said.

Meanwhile the government’s inaugural Critical Infrastructure Annual Risk Review highlighted important risks such as vulnerabilities in the connections between IT, operational technology and IoT environments, which the industry will soon need to address.

“One of the key issues to address is visibility over deep, widely connected networks with so many devices potentially talking to each other. All too often, IT and OT networks run together on the same flat network,” he said. “For these organisations, many are planning segmentation projects, but they are complex and disruptive to implement, so in the meantime organisations want to understand what’s going on in these environments.”

But Nozomi Networks Director of Customer Success and Technical Support for Asia Pacific Marty Rickard noted that there are still significant issues to overcome.

“The industry in Australia and New Zealand is still embattled with a major skills shortage. The limited talent we have is spread primarily among vendors, leaving gaps in internal OT teams and partners, which provide a broader range of security-focused services,” he said.

The company’s Solutions Architect for Australia and New Zealand Dean Frye said the industry will need to respond to these issues. “There are still too many projects taking place where secure by design isn’t considered, isn’t known or understood as a concept,” he said. “We need a major education and upskilling journey to change this, and the advent of SOCI, greater knowledge sharing between facilities managers, OT professionals and others are making a difference.”

Image credit: iStock.com/metamorworks