http://www.fcw.com/fcw/articles/2005/0307/web-scada-03-08-05.asp By Dibya Sarkar March 08, 2005 The Institute for Information Infrastructure Protection, a consortium of two dozen cybersecurity organizations charged with coordinating a national research and development program, last week began a $8.5 million, two-year research program for securing computer-based systems that control critical infrastructures, such as dams. The federally-funded consortium, known as I3P, will support basic research to understand supervisory control and data acquisition (SCADA) systems and produce technology products to mitigate any flaws in those systems. Such systems control vital critical infrastructures, such as electrical grids, oil refining plants and pipelines, and water treatment and distribution plants. More experts are sounding an alarm that such systems are inherently vulnerable to any cyber attack and should be a top concern among public and private sector officials. The federal government in the last couple of years has increased research and development funds to find ways to protect such systems. I3P will form a 10-member research team to identify SCADA vulnerabilities and interdependencies and develop metrics and models for assessment and management. It will work closely with the federal government to improve information sharing, communications about the systems and ensure that those who operate the systems adopt new technologies. "SCADA vulnerabilities remain in deployed systems because of insecure network design and weaknesses in the host systems," said Ron Trellue, the team's leader and deputy director of the Information Systems Engineering Center at Sandia National Laboratory, in a press release. "Research will focus on addressing this problem by developing tools to make current SCADA system configurations more secure, while in tandem performing basic research to develop inherently secure designs for the SCADA systems of the future." The research team will consist of non-profit research groups such as the MITRE Corporation and SRI International; New York University; the Energy Department's Pacific Northwest National Laboratory; and several academic institutions including the University of Illinois at Urbana-Champaign, the Massachusetts Institute of Technology's Lincoln Laboratory, New York University, the University of Tulsa (Okla.), the University of Virginia, and Dartmouth College, which also manages the IP3. The consortium, which was founded in September 2001, is also actively pursuing industry partnerships to help guide research and for technology transfer opportunities. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Mar 09 2005 - 05:12:26 PST