Cyberattack on Ausgrid could generate costs of $2.9 billion a day
Ausgrid reveals the potential cost of a cyber attack in response to Australian Cyber Security Strategy 2023-2030: Legislative Reform Consultation Paper.
Australia’s east coast’s largest electricity supplier has revealed the staggering potential cost of a cyber attack in a presentation to the Cyber Security Expert Advisory Council.
In his response to the board Australian Cyber Security Strategy 2023-2030: Legislative Reform Consultation PaperAusgrid has said a cyber attack on its systems could cost more than $2.9 billion each day services are disrupted.
“Ausgrid operates a shared electricity grid that powers the homes and businesses of more than 4 million Australians living and working in an area covering more than 22,000 square kilometers from Sydney’s CBD to the Upper Hunter,” said Murray Chandler, head of of network strategy and Future Grid, said in the presentation, before going into detail about the potential impact of a cyberattack.
“As Australia’s most populous network area and financial capital, more than 20 per cent of Australia’s GDP is generated within our network area.
“We power 105 hospitals, Australia’s only radiopharmaceutical production facility, four of the world’s top 200 universities, three major ports and 37 per cent of Australia’s financial services industry. This means that a cyber attack on our network, even for a few hours, would severely disrupt lives and livelihoods.”
According to Ausgrid, the cost of an attack that causes a “complete shutdown of our infrastructure” could cost more than $2.9 billion each day, or $120 million per hour of disruption.
“We support the board’s ambitions for Australia to become the world’s most cyber-secure nation by 2030 and broadly support the consultation document,” Chandler said.
Ausgrid’s support may be broad, but the rest of his presentation contained some specific points of contention.
For example, when it comes to mandatory ransomware reporting, “Ausgrid supports the $10 million per year threshold for mandatory reporting. However, Ausgrid sees advantages in voluntary reporting with a lower threshold so that the government can publish case studies and alerts about incidents affecting smaller entities.”
Similarly, Ausgrid supports an initial 72-hour reporting period for ransomware attacks, but also notes that detailed reporting is a completely different case.
“We do not recommend a timeline for detailed reporting as this will depend on the complexity of the incident and will need to be agreed between the relevant parties based on the circumstances,” Ausgrid said.