[ISN] Group studies infrastructure security

From: InfoSec News (isn@private)
Date: Wed Mar 09 2005 - 04:02:38 PST


http://www.fcw.com/fcw/articles/2005/0307/web-scada-03-08-05.asp

By Dibya Sarkar 
March 08, 2005

The Institute for Information Infrastructure Protection, a consortium
of two dozen cybersecurity organizations charged with coordinating a
national research and development program, last week began a $8.5
million, two-year research program for securing computer-based systems
that control critical infrastructures, such as dams.

The federally-funded consortium, known as I3P, will support basic
research to understand supervisory control and data acquisition
(SCADA) systems and produce technology products to mitigate any flaws
in those systems.

Such systems control vital critical infrastructures, such as
electrical grids, oil refining plants and pipelines, and water
treatment and distribution plants. More experts are sounding an alarm
that such systems are inherently vulnerable to any cyber attack and
should be a top concern among public and private sector officials. The
federal government in the last couple of years has increased research
and development funds to find ways to protect such systems.

I3P will form a 10-member research team to identify SCADA
vulnerabilities and interdependencies and develop metrics and models
for assessment and management. It will work closely with the federal
government to improve information sharing, communications about the
systems and ensure that those who operate the systems adopt new
technologies.

"SCADA vulnerabilities remain in deployed systems because of insecure
network design and weaknesses in the host systems," said Ron Trellue,
the team's leader and deputy director of the Information Systems
Engineering Center at Sandia National Laboratory, in a press release.  
"Research will focus on addressing this problem by developing tools to
make current SCADA system configurations more secure, while in tandem
performing basic research to develop inherently secure designs for the
SCADA systems of the future."

The research team will consist of non-profit research groups such as
the MITRE Corporation and SRI International; New York University; the
Energy Department's Pacific Northwest National Laboratory; and several
academic institutions including the University of Illinois at
Urbana-Champaign, the Massachusetts Institute of Technology's Lincoln
Laboratory, New York University, the University of Tulsa (Okla.), the
University of Virginia, and Dartmouth College, which also manages the
IP3.

The consortium, which was founded in September 2001, is also actively
pursuing industry partnerships to help guide research and for
technology transfer opportunities.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Wed Mar 09 2005 - 05:12:26 PST