Building stronger critical infrastructure with Zero Trust

DXC Technology

By Kylie Watson, Head of Cyber Security, DXC Technology
Tuesday, 25 March, 2025



Australia’s critical infrastructure is the backbone of our economy and daily lives. From the energy that powers our homes to the water we drink and the healthcare system we depend on, these essential services must be prepared to withstand any challenge. But as global tensions and cyber attacks grow more sophisticated, resilience has become more important than ever.

Resilience ensures critical infrastructure can adapt, recover and thrive in the face of any disruption. To address this, the Australian Government has introduced stronger cybersecurity measures, including new legislation mandating the reporting of ransom payments. The establishment of the Cyber Infrastructure and Cyber Security Centre is another step forward, helping infrastructure owners better manage risks and prepare for the unexpected.

As critical infrastructure becomes more interconnected, robust cybersecurity measures are essential to ensure resilience. But what are the biggest threats to our most important assets? Why is protecting them crucial to national security and citizens? And how can we safeguard them during economic uncertainty?

The answer lies in adopting a Zero Trust model.

Zero Trust is a security model built on the idea of ‘trust nothing, verify everything’. It assumes breaches are inevitable and focuses on limiting their impact by continuously verifying every user, device and system. Think of it like securing a house. Traditional security methods rely on locking the front door to keep intruders out. But Zero Trust assumes an intruder might still get in. Once inside, they encounter locked doors, drawers and cabinets at every turn, making it nearly impossible to cause widespread harm.

To make Zero Trust effective for critical infrastructure, resilience must be built into every layer of security. This means adopting a proactive approach that addresses vulnerabilities, ensures systems can recover quickly, and limits the impact of breaches. Below are the key principles of Zero Trust that can help achieve this.

1. Understand and share threat intelligence

Critical infrastructure operators need real-time information about cyber threats to stay ahead of attackers. For example, if a water utility identifies unusual login attempts on its control systems, sharing that data with other utilities and government agencies can prevent broader disruption.

Sharing information about attack patterns, indicators of compromise and mitigation strategies strengthens collective defences, enabling faster detection and response across the sector.

2. Work closely with government

Government support is vital to protecting critical systems. Through programs like the Australian Cyber Security Centre’s Partner Program, infrastructure operators can access expert guidance, share security insights and align with national cybersecurity priorities. Supporting and learning from each other, and moving towards a collective understanding, helps lift cyber resilience and strengthens national security.

3. Network segmentation

Critical infrastructure often combines operational technologies (OT) with traditional IT systems, creating vulnerabilities. Network segmentation — a key step in the Zero Trust framework — reduces risks by isolating critical systems like turbines and water controls from other networks like employee workstations.

Segmentation minimises the attack surface and limits an attacker’s ability to move through the network. If one segment is breached, it’s easier to identify, isolate and remediate the issue, blocking access to other networks. This reduces the spread of attacks, assists with regulatory compliance, and simplifies detection and response.
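One way to check that segmentation actually isolates the control systems is to audit the allow rules for indirect paths. The Python sketch below is an added example, not part of the original article; the zone names, ports and rules are constructed for illustration. It lists every chain of permitted hops that leads from a starting zone into an OT zone.

```python
from collections import deque

# Constructed zone-to-zone allow rules: (source zone, destination zone, port).
# Zone names and ports are hypothetical; they do not come from the article.
ALLOW_RULES = [
    ("workstations", "it_servers", 443),
    ("it_servers", "historian_dmz", 1433),
    ("historian_dmz", "ot_control", 502),  # path into the control zone
    ("jump_host", "ot_control", 22),
    ("workstations", "internet", 443),
]

OT_ZONES = {"ot_control"}


def build_graph(rules):
    """Index the allow rules by source zone."""
    graph = {}
    for src, dst, port in rules:
        graph.setdefault(src, []).append((dst, port))
    return graph


def paths_into_ot(rules, start, ot_zones=OT_ZONES):
    """Return every loop-free chain of allowed hops from start into an OT zone."""
    graph = build_graph(rules)
    found = []
    queue = deque([[(start, None)]])  # each path is a list of (zone, port used)
    while queue:
        path = queue.popleft()
        zone = path[-1][0]
        if zone in ot_zones and len(path) > 1:
            found.append(path)
            continue
        visited = {z for z, _ in path}
        for dst, port in graph.get(zone, []):
            if dst not in visited:  # skip zones already on this path
                queue.append(path + [(dst, port)])
    return found


if __name__ == "__main__":
    for path in paths_into_ot(ALLOW_RULES, "workstations"):
        print(" -> ".join(z if p is None else f"{z}:{p}" for z, p in path))
```

No rule here lets workstations reach the control zone directly, yet the audit still reports a three-hop path through the servers and the historian DMZ, which is the kind of lateral route segmentation is meant to close.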

4. Secure digital identity and access

Zero Trust ensures that only the right people and devices can access critical systems, verifying all access attempts and eliminating implicit trust. For example, in a telecommunications company, access to systems managing core network infrastructure, such as mobile towers, could be restricted to authorised engineers and technicians on the specific networks they’re approved for. Tools like multi-factor authentication (MFA) add an extra layer of protection, ensuring that even if a password is stolen, attackers can’t gain entry.

5. Continuous monitoring

Zero Trust includes continuous monitoring to detect and respond to suspicious activity, such as attempts to access systems from unusual locations or devices. For example, access might be revoked if a login from an unexpected location is detected. However, implementing monitoring for critical infrastructure can be challenging due to legacy systems, large data volumes and poor tool integration, which may lead to false positives and alert fatigue.

Despite these hurdles, advancements in AI are making monitoring more effective. AI can analyse vast amounts of data quickly, identify meaningful patterns, flag genuine threats in real time, and even remediate them as they go, enhancing security for critical systems and reducing operational disruptions.
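The access checks in principle 4 and the revocation behaviour in principle 5 can be sketched together as a per-request policy decision. This Python block is an added example, not part of the original article; the engineer IDs, network names and location codes are hypothetical placeholders.

```python
from dataclasses import dataclass

# Constructed policy data: engineer IDs, network names and locations are
# hypothetical placeholders, not values from the article.
APPROVED_NETWORKS = {
    "eng-01": {"tower-mgmt-east"},
    "eng-02": {"tower-mgmt-east", "tower-mgmt-west"},
}
EXPECTED_LOCATIONS = {"eng-01": {"AU-NSW"}, "eng-02": {"AU-NSW", "AU-VIC"}}


@dataclass
class Request:
    user: str
    network: str
    mfa_passed: bool
    location: str


def evaluate(req):
    """Decide one request on its own; nothing is trusted from earlier requests."""
    if req.user not in APPROVED_NETWORKS:
        return "deny: unknown identity"
    if not req.mfa_passed:
        return "deny: MFA not satisfied"
    if req.network not in APPROVED_NETWORKS[req.user]:
        return "deny: network not approved for this user"
    if req.location not in EXPECTED_LOCATIONS.get(req.user, set()):
        return "revoke: unexpected location"
    return "allow"


class SessionMonitor:
    """Re-evaluates every request and keeps revoked users locked out."""

    def __init__(self):
        self.revoked = set()

    def handle(self, req):
        if req.user in self.revoked:
            return "deny: session revoked, re-verification required"
        decision = evaluate(req)
        if decision.startswith("revoke"):
            self.revoked.add(req.user)
        return decision
```

Because `SessionMonitor.handle` runs the full evaluation on every request, an engineer who was allowed a moment ago is still cut off as soon as a request arrives from an unexpected location, and stays cut off until re-verified.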

In today’s world, threats are becoming more frequent and harder to predict. Zero Trust provides a way to stay ahead by assuming breaches will happen and building systems that can adapt and recover. By taking small, steady steps towards a Zero Trust framework and minimising the lateral movement of an attack, Australia’s critical infrastructure can evolve to face the increasing threat surface.


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd