Computerworld

Scada workshops launched to protect critical infrastructure

Government establishes new portal

The federal government is conducting a series of workshops on cyber threats to supervisory and industrial control systems.

ICT Minister, Helen Coonan, said today the government recognizes the important role of Scada systems and the seriousness of the cyber threat.

"These systems play a vital role in Australia's critical infrastructure," Senator Coonan said.

The Minister said supervisory and industrial control systems are the 'central nervous system' for a vast array of sensors, alarms and switches that provide automated control and monitoring functions for critical infrastructure.

But they are focused on workplace safety, not IT, and are typically used in the water, electricity, gas, transport, broadcasting and communications sectors.

"Many supervisory and industrial control systems were designed before the Internet became widely adopted. As these systems are being connected to the Internet they are being exposed to emerging IT security threats," Senator Coonan said.

This point was central to a number of presentations made at AusCERT, the leading IT security conference for the Asia Pacific, which was held last month.

The workshops and executive briefings are part of an ongoing partnership between the federal government and industry for the protection of Australia's critical infrastructure.

The government has been working with industry on the security of these systems under the auspices of the Trusted Information Sharing Network (TISN), since 2005.

"I encourage Australian companies that operate these systems to attend these sessions for leading-edge advice on threats and vulnerabilities and mitigation strategies," Senator Coonan said.

During the workshops a new information portal will be launched which will give Australian owners and operators of critical infrastructure a trusted environment for exchanging information and raise awareness of IT security issues for supervisory and industrial control systems.

The sessions will include presentations from visiting experts from the National Cyber Security Division of the United States Department of Homeland Security.

The all-day practitioner workshops and one-hour executive sessions will be held in Brisbane, Sydney, Melbourne, Perth and Adelaide in June.

For further information on these initiatives visit www.dcita.gov.au to register.

At AusCERT White House staffer Marcus Sachs told conference attendees that control systems in decades past have traditionally been private, and not connected to the Internet.

This has certainly changed today as connectivity has grown, he said.

"Weak security protocols that characterize the Internet have now transferred to industrial control systems," Sachs said.

There is no authentication in most SCADA protocols.

Page Break

"Machines trust each other. Then there is legacy architectures," Sachs said. "If vulnerable, they are too costly to upgrade."

"Most of the reported attacks are in the US, Australia and Canada; this is just the tip of the iceberg," he said.

One major problem is the serious divide between those who manage control systems and those on the IT side.

He said these are two very different worlds, with totally different mindsets.

"There is big animosity between the two groups because plant managers focus on making the plant work and don't see IT as a friend, but an enemy," Sachs said.

"The big challenge is to bring the two together and bridge the gap."

The first workshop will be held in Brisbane on June 4, 2007, and an executive session the following day. In Sydney, the workshop will be held on June 6, 2007.

This will be followed by Melbourne on June 8, 2007, and Perth on June 11 and Adelaide on June 14, 2007.

More information on TISN and on the SCADA community of interest can be found at www.tisn.gov.au

Moreover, ICT intelligence, security and Defence (IDS) are three of the fastest growing markets in the ICT industry.

Estimated spending in the Asia Pacific region is forecast to reach over $6 billion by 2009 and a special event will also be held on June 6 to address these markets.

In the wake of the Internet and technology boom of the early to mid 1990s, the defence and security of Australia and its related ICT industry has become vitally important.

The global ICT economy continues to grow exponentially, and as an emerging major player, how Australia protects and expands its market share is vital for the future success of our nation.

At the Australian Information Industry Association's (AIIA's) State of the Sector: Intelligence, Defence and Security Forum, critical issues such as these will be addressed by ICT industry intelligence, security and defence experts.

Speakers include Ian Wing, associate professor from the Australian Graduate School of Policing; Peter Lambert, Acting CIO, Defence Information Systems Division and Greg McAnulty, director of defence and intelligence at Microsoft.

The speakers will address pertinent problems facing the Australian ICT industry in the IDS sector, and measures that are needed to solve them.

Speakers will cover cross agency interoperability and collaboration as well as security clearances, service levels, the IT skills shortage and procurement.

There will be an open audience debate following the presentations to ensure transparency and openness on these critical issues.