http://www.smh.com.au/news/security/australia-vulnerable-to-cyber-terror/2007/05/15/1178995118994.html

By Asher Moses
May 15, 2007

The computer systems powering Australia's essential services, such as electricity, gas, water, sewerage, transport and communications utilities, are outdated and not secured against cyber terrorist attacks, the Federal Government has warned.

Security analysts in the United States said simplistic attacks originating from the internet could shut down the electric grid, interrupt the transport network and compromise drinking water systems.

The Department of Communications, Information Technology and the Arts (DCITA) said the failure of critical infrastructure as a result of a cyber attack could have "severe consequences for the wider Australian community".

The threat is so serious that the Government is holding free workshops for critical infrastructure practitioners and executives next month designed to teach them about emerging threats and how to treat them.

Speakers at the workshops will include staff from the National Cyber Security Division of the US Department of Homeland Security.

Providers of critical infrastructure are being invited to register for the June workshops on the DCITA website - they will be held in Sydney, Melbourne, Brisbane, Adelaide and Perth between June 4 and 14.

In a document that will be handed out to attendees, obtained by smh.com.au, the Government says control systems that form the "central nervous system" of essential services "are now increasingly connected to corporate IT networks and the Internet, making them vulnerable to potential harm from malicious cyber attacks and accidents".

"Many are legacy systems that lack sufficient IT security for today's threat environment.

"There are known cases of IC [industrial control] systems, owned and operated by critical infrastructure operators, being disrupted through Internet based attacks."

The document also warns CEOs and executives of their legal responsibility to mitigate risks to essential services.

A spokeswoman for the Communications Minister, Helen Coonan, said: "This program is a practical example of Government working closely with industry to make Australian critical infrastructure more secure."

Last week's federal budget earmarked $73.6 million over the next four years to improve the nation's capacity to manage cyber attacks.

The Attorney-General, Philip Ruddock, said part of this spending would go towards expanding the Australian Government Computer Emergency Readiness Team (GovCERT) to "provide owners and operators of Australia's critical infrastructure with information to help reduce the risks from sophisticated electronic attacks and to provide government with information about the electronic risks to critical infrastructure".

In February last year, Australia was part of an international exercise, Operation Cyber Storm, to test government response to cyber emergencies.

Ten federal government departments tasked with emergency management - including the Australian Defence Force and the Australian Security Intelligence Organisation - took part in a one-day desktop simulation in Canberra, and had to respond to a fake hacking attack on the transport sector.

The exercise did not include the private sector, which controls most of the nation's critical computer networks including power, water and telecommunications.

A report on Cyber Storm was completed in March last year but results were used for internal government evaluation purposes only and were not released to the public.

A second cyber terrorism war game, Cyber Storm II, is scheduled to begin in March next year.

Next month's workshops will incorporate information gleaned from April's 2007 International SCADA Cyber Security Advanced Training Workshop, held at the Idaho National Laboratories (INL).

A cybersecurity strategist for INL, Aaron Turner, last month testified to the US House Committee on Homeland Security (Subcommittee on Emerging Threats, Cybersecurity and Science & Technology) about his research on US critical infrastructure security and technology risks, which also applies to Australia.

During his testimony, Mr Turner said "the use of technology [such as the internet] in our nation's infrastructure has improved the efficiency of infrastructure operations without corresponding improvements in the ability to secure these newly connected systems".

Mr Turner added that INL had modelled scenarios where "simplistic attacks originating from the internet" could degrade electric grid capacity, impact petroleum refinery processes, interrupt transportation networks and compromise drinking water systems.

"It should also be noted that the inter-connected nature of our infrastructure increases the potential for a high-impact correction," Mr Turner said.