In an increasingly interconnected world, the risk of cyber-attacks is rising quickly. The Australian Government released its $1.67 billion Cyber Security Package last year to defend sectors including healthcare, essential services, and critical infrastructure against increased cyber threats.
Between 1 July 2019 and 30 June 2020, the Australian Cyber Security Centre (ACSC) has on average responded to five to six cybersecurity incidents and received 163 cybercrime reports on a daily basis. It also estimates that a four-week interruption to digital infrastructure from a significant cyber incident would cost $30 billion – around 1.5% of the country’s GDP – and around 163,000 jobs.
“This is why we need cyber engineers,” said Robert Di Pietro, Partner and Cyber Security Lead for Critical Infrastructure and Operational Technology at PwC. He further stated that it is no longer adequate to have cyber engineers add on cybersecurity at the end. Instead, cybersecurity should be built into engineering design. This view is echoed by Professor Jill Slay, SmartSat Professorial Chair in Cybersecurity at the University of South Australia. She also said a fundamental challenge in the digital society is that security experts are playing catch up to cybercriminals who become more sophisticated. This calls for a new kind of engineering for the new disciplines or professions that are arising – cyber engineering. Rather than bolting on the security layer at the end, cyber engineering is about building cybersecurity into engineering designs right from the beginning.
Slay said cybersecurity education needs to be built into engineering courses in Australia and more emphasis should be placed on control system security. From electricity, water, and gas infrastructure to complex vehicles like fighter planes, they are all plugged into huge control systems, making them vulnerable through this. “But we’ve never trained in that part of the security,” said Slay.
According to Di Pietro, the task of upskilling engineers in cybersecurity space engineering does not just fall on universities. Engineering companies should also proactively upskill their engineers through various pathways such as online courses.
Engineers are known to have a great mindset to learn and a great understanding of not only technology but of process engineering and the lower-level aspects of the systems they build. Unsurprisingly, Di Pietro often found that engineers love the challenge of learning cybersecurity and integrating it into what they do for their job.
Perhaps the most immediate and easiest step to take towards better cybersecurity is a shift in mindset. Engineers traditionally design things to be resilient to physical damage from the immediate environment, but the cyber angle is different. Cybercriminals are not limited by distance. You might be shaking your head and wonder why someone might want to change the telemetry on a system so you couldn’t know the real pressure on a valve. However, thinking more about the cybersecurity of these systems is the right way to go forward.
“Now that we’ve got systems interconnected with other systems and networks, we can no longer rely on things being physically or geographically isolated because they can be attacked from anyone, potentially anywhere, over a network,” Di Pietro said.
“There’s a real shift in the mindset for a lot of organizations, and certainly a lot of engineers who I speak to are grappling with that very different type of threat.”
Muldowney, Susan 2021, Cyber engineering is about more than keeping digital systems safe, 6th April 2021, https://createdigital.org.au/cyber-engineering-new-way-of-thinking/
Australian Government Department of Home Affairs 2020, Cyber Security, viewed 6th April 2021, https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy