Critical Infrastructure Cyber Security

"Experts are the ones who think they know everything. Geniuses are the ones who know they don't" - Simon Sinek

Cyber /ˈsʌɪbə/

adjective: cyber

  1. relating to or characteristic of the culture of computers, information technology, and virtual reality.

Security /sɪˈkjʊərɪti, sɪˈkjɔːrɪti/

noun: security

  1. the state of being free from danger or threat.

Cyber-attacks continue to rise each year as the number of threat actors increases and their capabilities expand. In FY2020 the ACSC Annual Cyber Threat Report noted:

  • 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.
  • Self-reported losses from cybercrime total more than $33 billion.
  • Approximately one quarter of reported cyber security incidents affected entities associated with Australia's critical infrastructure.
  • Nearly 500 ransomware cybercrime reports, an increase of nearly 15% from the previous financial year.

As a result of cyber security threats and incidents, and recommendations from independent review, the Department of Home Affairs is promoting an uplift of cybersecurity across critical infrastructure.

Cyber security can range anywhere from simple password management through to comprehensive cyber security solutions that assess, build and manage cyber security and incident responses to a myriad of potential threats.

OT networks and ICS systems typically use legacy infrastructure, operating systems and out-of-date patches. The most critical systems are frequently the most vulnerable.

Cromarty have many years of experience assisting organisations in implementing, securing and analysing their OT networks and systems. This includes:

  • Developing policies, incident response plans, and procedures
  • Reviewing existing infrastructure and systems, auditing the current cyber security posture
  • Assisting in performing the Cyber Security Risk Assessment
  • Implementing systems, controls, and mitigation strategies to support cyber security and disaster recovery efforts

The services we can offer are:

  • Communication network analysis - Investigate problems with communication to controllers, inverters or other equipment.
  • Determine whether network communication between devices is responsive and error free.
  • Review configuration of network devices such as switches, routers and firewalls.
  • Cyber Security Framework Assessment - Recent legislative changes shall require critical assets to comply with a cyber security framework such as the Australian Energy Sector Cyber Security Framework (AESCSF), the ACSC Essential Eight or NIST. We can assist you in assessing the compliance of your assets and provide recommendations and actions to take to uplift your cyber security footprint.
  • Cyber Security Audit - Audit the systems, architecture, policies, practices and procedures implemented at your assets. Discover whether the actual implementation on site follows required policy direction.
  • Cyber Security Policies & Framework - Guide you on implementing your own cyber security policy and associated framework.
  • Secure Remote Access Solutions - Design, procurement, implementation and commissioning.
  • Design and implementation of OT networking equipment, OT Servers, clients and workstations, SCADA, MES, Historians, etc.