Article
Telecommunications

Australia: 11% of Cyber Incidents Hit Infrastructure

By Stella Nolan
May 13, 2025
undefined mins
Share this article
Prioritise Us on Google
Share this article
Prioritise Us on Google
Australian critical infrastructure is facing an unprecedented rise in cyberattacks
Australian Signals Directorate says 11% of 1,100 cyber incidents in targeted critical infrastructure, with phishing & credential compromise leading threats

Australian critical infrastructure is facing an unprecedented rise in cyberattacks, with sectors such as energy, water, healthcare and transportation experiencing a 50% increase in incidents from 2021–22 to 2022–23, according to the Australian Signals Directorate (ASD).

Although the number of attacks dipped slightly to 121 in 2023–24, authorities remain deeply concerned about both the volume and sophistication of these threats.

Convergence of OT and IT: expanding the attack surface

A key driver behind the escalating risk is the convergence of Operational Technology (OT) and Information Technology (IT) systems.

While the integration delivers operational efficiencies and real-time monitoring, it exposes previously isolated OT environments to the vulnerabilities typical of IT networks. As legacy OT systems become increasingly connected, threat actors exploit weak points such as outdated endpoints and insecure third-party vendors, targeting systems never designed for the current threat landscape.

Youtube Placeholder

The nature of recent attacks

The ASD’s data reveals that 57% of cyber incidents impacting critical infrastructure in 2022–23 involved compromised credentials, denial-of-service attacks, or unauthorised access to networks and infrastructure.

The attacks can disrupt essential services, undermine public trust and trigger cascading effects across interconnected systems. More than 11% of all cyber incidents in the past year involved sectors including electricity, gas, water, education and transport, with tangible consequences such as hospital disruptions, water quality risks and widespread power outages.

State actors and sophisticated threats

The threat landscape is further complicated by the involvement of state-sponsored actors alongside financially motivated cybercriminals.

The adversaries are often highly resourced and strategic, focusing on intelligence gathering, operational disruption and probing systemic weaknesses.

Australian Defence Minister Richard Marles

Australian Defence Minister Richard Marles expressed the gravity of the situation: “We are worryingly seeing an increased focus by both cyber criminals and state actors on our critical infrastructure.”

The business imperative: collaboration and compliance

Addressing the risks demands robust collaboration between the public and private sectors. Today, cybersecurity is a fundamental component of infrastructure operations, with ongoing risk assessments, workforce training, network segmentation and incident response planning becoming standard practice.

The Australian Government has responded with the 2023–2030 Cyber Security Strategy, a multi-layered defence framework designed to enhance protection at every level and enforce stricter compliance obligations.

“This report underlines the urgency of our systemic response to the cybersecurity threat. This is our fastest-growing threat and we need to use all the tools available to government and business to confront it.”

Tony Burke, Minister for Home Affairs and Cyber Security

Industry response: technology and expertise

Specialist cybersecurity providers are pivotal in strengthening defences for critical infrastructure. Companies like Borderless CS work with municipal councils to install proactive endpoint protection systems, enabling early threat detection and streamlined incident response.

Meanwhile, OT-focused providers offer protocol consulting, security posture reviews and tailored hardening solutions for industrial systems, including SCADA and PLCs.

Industrial Defender, for example, supports operators in aligning with the Critical Infrastructure Risk Management Program (CIRMP) and the Australian Energy Sector Cyber Security Framework, ensuring compliance and maturity of security controls ahead of regulatory deadlines.

Youtube Placeholder

Intelligence sharing and public awareness

Beyond technical measures, public awareness campaigns and cross-sector intelligence sharing are vital.

Initiatives such as the Australian Cyber Security Centre (ACSC) facilitate collaborative responses and situational awareness, helping to limit the spread and impact of cyber threats.

Building national cyber resilience

The continuing rise in cyberattacks targeting Australia’s critical infrastructure is a national security concern. As system connectivity expands, companies are urged to adopt layered security, enforce rigorous access controls and foster a security-centric culture at every level.

Minister Marles reinforced the importance of partnership: “The report reiterates the importance of having genuine partnerships between the public and private sectors to bolster our nation’s cyber defences.”

With ongoing investment, sector-wide collaboration and a focus on compliance and innovation, Australia’s telecommunications and infrastructure providers are working to safeguard the essential services that underpin the nation’s economy and public safety.

Explore the latest edition of Mobile Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cloud & 5G LIVE. Discover all our upcoming events and secure your tickets today.

Sign up to receive the Mobile Magazine weekly newsletter.

 

Mobile Magazine is a BizClik brand

Tags

AustraliaCyber-attacksOperational TechnologyInformation technologyoutdated endpointsinsecure third-party vendorsdenial-of-service attacksAustralian Signals Directorateunauthorised access to networks and infrastructureASD Cyber Threat ReportAustralian governmentCybersecurity strategyBorderless CSearly detection threatSCADAPLCAustralian Cyber Security CentreTelcoTelecommunications