Author Identifier

Glenn Murray

https://orcid.org/0009-0005-6234-2510

Date of Award

2024

Document Type

Thesis - ECU Access Only

Publisher

Edith Cowan University

Degree Name

Doctor of Philosophy

School

School of Science

First Supervisor

Mike Johnstone

Second Supervisor

Michael Crawley

Abstract

As cyber threats continue to evolve, the protection of critical infrastructure has become a paramount concern, particularly considering the devastating potential these threats hold. The 2024 cyberattack on Change Healthcare, which resulted in significant financial losses for UnitedHealth, $870 million in the first quarter alone and up to $1.6 billion for the year, highlights the urgent need for effective cybersecurity measures to safeguard essential services. This thesis investigates the cybersecurity maturity of Australian critical infrastructure healthcare and, food and grocery sectors., focusing on key areas such as governance, risk management, protective measures, detection capabilities, response and recovery protocols, compliance and assurance, and employee training and awareness.

This research employs a qualitative approach, using two rounds of semi-structured interviews with cybersecurity professionals, board members, and directors to gather in-depth insights into the current state of cybersecurity within these organisations. Thematic analysis conducted with Leximancer software identifies critical gaps in cybersecurity practices, particularly within the public sector, revealing systemic vulnerabilities that could be exploited by malicious actors.

A major contribution of this thesis is the development of the Cyber Security Maturity Model (CSMM), a framework designed to enhance the cybersecurity practices of critical infrastructure sectors. The CSMM suggests guidelines for policymakers, administrators, and cybersecurity professionals, enabling them to strengthen their organisations' defences and improve overall resilience against cyber threats.

The findings of this research confirm the need for comprehensive training programs, strategic planning, and better resource allocation to enhance cybersecurity resilience. This thesis offers a structured approach to addressing these challenges, contributing to the ongoing efforts to secure Australia's critical infrastructure. The insights and recommendations presented in this study contribute to the development of more robust cybersecurity strategies, ensuring the continued protection of essential services in an increasingly hostile cyber environment.

DOI

10.25958/t9xj-0003

Access Note

Access to this thesis is embargoed until 10th January 2030

Download

Available for download on Thursday, January 10, 2030

Share

 
COinS