Australian Utility Audit Report November 11 2021

Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses in the security of information systems.

Sunwater has acknowledge it was the organisation reported breached in the report.

Queensland Audit Office: Water 2021 Audit Report
Related: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach
Reported in: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach | ABC News (Australia)

Read more Queensland Audit Office Reports and more general Queensland Incidents

Six water authorities including Seqwater, Sunwater, Urban utilities, Unitywater, Gladstone Area Water Board and the Mount Isa Water board were examined in the report, which warned of vulnerability in information systems.

Deficiencies in internal controls including relating to funds transfer payment information, were also highlighted.

The 36-page report called for immediate action to fix “ongoing security weaknesses in information systems”.

The report said despite the audit office last year recommending that entities strengthen the security of their information systems, not all had acted to address the issue.

The researchers observed that public entities have already implemented some security measures following the recommendations given last year, however, there are still security aspects that need to be covered. For instance, reporting systems and security threat detection should be implemented, every external system where the public has access should have MFA enabled, the minimum eight-character password length requirement should be applied.

The experts also noticed that there is a need for security awareness pieces of training and the implementation of processes that have the role to identify critical security vulnerabilities.