As many as 3 million Australian homes were minutes away from losing power last month after a major energy network was hit by a ransomware attack.
Queensland’s CS Energy was the target of a sustained ransomware attack on Nov. 27, in what the utility’s chief executive officer has described as a worryingly accelerating trend.
The attack was thwarted before it had the potential to shut the company’s two thermal coal plants. Had the damage taken hold, it could have affected 35,000 megawatts of power, leaving 1.4 million to 3 million homes in the dark.
Even without reaching the generators, the attack was reportedly able to disable a number of the company’s corporate systems, with many employees being denied access to their emails.
“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” CS Energy CEO Andrew Bills said. “We immediately notified relevant state and federal agencies and are working closely with them and other security experts.”
Bills noted that cyber events are “a growing trend in Australia and overseas.”
“This incident may have affected our corporate network, but we are fortunate to have a resilient and highly skilled workforce who remain focused on ensuring CS Energy continues to deliver electricity to Queenslanders.”
“The Australian government took early action in engaging with those who were directly under threat, and we were able to ensure that the worst of those scenarios did not eventuate,” he said.
“So it was the early action of our cyber authorities that avoided a bad outcome there. And I want to thank them for the great work they do. We do know that cyber threats to Australia are real, both in a defense sense, but also just in a civil space as well.”
Morrison also highlighted that criminal actors were looking to take advantage of Australians and Australian businesses.
“It’s so important that Australian businesses listen carefully and take the advice of our cyber security agencies,” he said. “Australia is one of the world leaders in this space, and that’s why we could enter into an agreement with the United States because they know how good our people are in this space. And that was one of the attractions for working with Australia because we complement one another with the United Kingdom, and we are pacesetters when it comes to cyber security.”
Morrison also refused to confirm earlier reports that the attack was carried out by Chinese hackers, after News Corp. publications on Dec. 8 linked the attack to Chinese hackers, citing people familiar with the matter.
However, Queensland National Sen. Matt Canavan told Nine Network that the attack underscores how important it is to secure Australia and reduce the country’s dependence on the regime in China, “who are acting like a bully in our region.”
“This is not an attack or a suspected attack on an Australian government agency. ... It’s on a private company in Queensland.”
“When it comes to Australia, the Russians don’t have the intent, they don’t have the same deep interests that Beijing has with Australia because of the massive two-way relationship and because Australia’s decisions in our national interest have influenced global debates in ways Beijing doesn’t like,” he said.
“The Chinese scale of cyber activity is larger because they’re wealthier, they have a lot of homegrown technologies they can use, and also it’s a state-corporate endeavor where state-owned and private corporations can be compelled to work for the state, and that adds to their capability.”
Earlier this year, Home Affairs Minister Karen Andrews said cybersecurity was her “No. 1 priority.”
“We are very much aware that many nations—including China—have significantly increased their cyber capability. Australia is also increasing its legitimate and lawful cyber activity as well.”