Share this article on:
Ausgrid reveals potential cost of a cyber attack in response to 2023–30 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper.
Australia’s largest east coast electricity provider has revealed the staggering potential cost of a cyber attack in a submission to the Cyber Security Expert Advisory Board.
In its response to the board’s 2023–30 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper, Ausgrid has said a cyber attack on its systems could cost upwards of $2.9 billion each day that services are disrupted.
“Ausgrid operates a shared electricity network that powers the homes and businesses of more than 4 million Australians living and working in an area that covers over 22,000 square kilometres from the Sydney CBD to the Upper Hunter,” Murray Chandler, Ausgrid’s head of network strategy and future grid, said in the submission, before going into detail on the potential impact of a cyber attack.
“As the most populous network area and financial capital of Australia, over 20 per cent of Australia’s GDP is generated within our network area.
“We supply energy to 105 hospitals, Australia’s only radiopharmaceuticals production facility, four of the world‘s top 200 ranking universities, three major ports and 37 per cent of Australia’s financial services industry. This means that a cyber attack on our network, even for a few hours, would severely disrupt lives and livelihoods.”
According to Ausgrid, the cost of an attack that causes a “complete shutdown of our infrastructure” could cost more than $2.9 billion each day, or $120 million per hour of disruption.
“We support the board’s ambitions for Australia to become the most cyber secure nation in the world by 2030 and broadly support the consultation paper,” Chandler said.
Ausgrid’s support may be broad, but the rest of its submission did contain some specific points of contention.
For instance, when it comes to mandatory ransomware reporting, “Ausgrid supports the $10 million per year threshold for mandatory reporting. However, Ausgrid sees merit in lower threshold voluntary reporting so that the government can release case studies and alerts about incidents that impact smaller entities.”
Similarly, Ausgrid does support a 72-hour initial reporting window for ransomware attacks but also notes that detailed reporting is another case entirely.
“We do not recommend a time frame for detailed reporting as it will depend on the complexity of the incident and will need to be agreed upon between relevant parties based on the circumstances,” Ausgrid said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.