The world is seemingly becoming a more uncertain, violent and disorderly place. Russia’s invasion of Ukraine, an associated energy crisis and risk of famine in countries which traditionally received Ukrainian wheat, the assassination of Shinzo Abe using a home-made weapon, and China’s outward-focussed defence posture are just some of the dangers the world currently experiences.
Australia has been largely spared from geopolitical issues to date, but it’s unclear for how long that will be the case. There is a common perception the Federal Government is “all knowing and all seeing”, however, in reality, there are a lot of blind spots in our life ‘support systems’ for everyday existence – the narrowly-avoided national crisis in December 2021 around shortage of AdBlue (which now looms again) and the power crisis in June are the latest examples. In many ways, we are a Lucky Country to have avoided more issues.
However, our security around critical infrastructure is in some ways lacking compared to world standards, probably because there have been no known attacks on power stations, substations, water dams, undersea cables or other key assets in Australia.
As the US saw with the 9/11 attacks, the concept of a significant incident on home soil may seem limited – until it happens. It’s also important to remember that with Australia taking rightful posture as an ally of US and the West, it exposes itself to the risk of a local state-sponsored terror event.
Being reactive and waiting for a threat to strike before hardening our key assets has clear limitations. It would be akin to removing bomb scanners from our airports as ‘no one brought a bomb on a plane here recently’. Just because something has not happened recently – or ever – does not mean it won’t happen at all.
In the US, critical infrastructure is hardened with multiple layers of physical security, with ongoing re-assessments of what is needed. Even approaching the target – like a power grid – within several kilometres is incredibly difficult. In Australia, you can simply drive up to many critical assets.
While we don’t have a gun-owning population that can result in attacks like that of the sniper who shot at a California substation, it is prudent to assume the bad guys have access to weapons and technologies needed.
There has been a good amount of well-deserved focus on cyber security with a substantially cyber-focussed Security Legislative Amendment (Critical Infrastructure Protection) Bill. However, there is progress to be made around old-fashioned physical perimeter protection.
A fast emerging threat vector comes in the form of consumer-grade and commercial drones. In the context of critical infrastructure, a $2,000 drone purchased freely from an electronics store, can do a lot of damage in wrong hands.
Drones can be: used for scouting operational procedures and security arrangements of critical infrastructure sites; strapped with a payload to detonate an explosion to take down power generators or substations; dropped into a cooling stack of a power station forcing it to be shut down; piloted into a water dam to poison supply; used to hack into critical infrastructure networks, plant viruses, and shut down infrastructure with demands for ransom.
Countering these threats requires the ability to detect, assess and respond quickly. Detection comes in the form of radio frequency monitoring, radars and camera sensors, with data stitched together and analysed to provide real-time information about the presence of a drone. Assessment is based on protocols specific to a site, and considers the distance from the perimeter of that site, the size of the drone, the number of drones, and the threat profile of the units. Response varies, spanning the ability to jam and take down the devices, through to sending security or law enforcement to the identifies location of the drone’s pilot.
Responsibility for such security is often shared between multiple parties, including security teams at the facilities, Australian Federal Police, and in some cases (such as at offshore oil wells) the navy. The sharing element can make it harder to have an overall effective security policy.
Risk management can fundamentally be thought of as ‘risk reward payoff’ – cost of the additional security layer versus the amount of danger it can mitigate. Analysing the devastating market effect of an attack is important to show the reason behind spending. Counter-drone security (and perimeter security more generally) seems a reasonable investment when the potential cost of disruption is livelihoods of millions of Australians, or in fact their lives (for example, if a water source was poisoned).
Overall, there are four elements that make up the ‘cost’ of such an attack: the physical damage itself; disruption in power or water supply; increased security costs as a rapid response; and reduction in citizen confidence in ‘the system’.
With critical infrastructure becoming an increased target in the physical world as well as the digital realm, it’s imperative to harden the assets which are crucial to our livelihoods to avoid a rise in instances of damage control. Even the most basic drones have brought airports to a standstill as but negligent pilots inadvertently flew too close; in the wrong hands, and particularly when armed, the cost of ignoring this new threat vector far surpasses the cost of protecting against it.
About the author:
Oleg Vornik is the Chief Executive Officer of DroneShield (ASX:DRO), a Sydney-based security technology company which develops and supplies Artificial Intelligence based platforms for protection against advanced threats such as drones and autonomous systems. Its customers, in addition to critical infrastructure, include military, intelligence community, government, law enforcement, and airports globally.