[ISN] Australia vulnerable to cyber terror

From: InfoSec News (alerts@private)
Date: Tue May 15 2007 - 22:25:15 PDT


http://www.smh.com.au/news/security/australia-vulnerable-to-cyber-terror/2007/05/15/1178995118994.html

By Asher Moses
May 15, 2007

The computer systems powering Australia's essential services, such as 
electricity, gas, water, sewerage, transport and communications 
utilities, are outdated and not secured against cyber terrorist attacks, 
the Federal Government has warned.

Security analysts in the United States said simplistic attacks 
originating from the internet could shut down the electric grid, 
interrupt the transport network and compromise drinking water systems.

The Department of Communications, Information Technology and the Arts 
(DCITA) said the failure of critical infrastructure as a result of a 
cyber attack could have "severe consequences for the wider Australian 
community".

The threat is so serious that the Government is holding free workshops 
for critical infrastructure practitioners and executives next month 
designed to teach them about emerging threats and how to treat them.

Speakers at the workshops will include staff from the National Cyber 
Security Division of the US Department of Homeland Security.

Providers of critical infrastructure are being invited to register for 
the June workshops on the DCITA website - they will be held in Sydney, 
Melbourne, Brisbane, Adelaide and Perth between June 4 and 14.

In a document that will be handed out to attendees, obtained by 
smh.com.au, the Government says control systems that form the "central 
nervous system" of essential services "are now increasingly connected to 
corporate IT networks and the Internet, making them vulnerable to 
potential harm from malicious cyber attacks and accidents".

"Many are legacy systems that lack sufficient IT security for today's 
threat environment.

"There are known cases of IC [industrial control] systems, owned and 
operated by critical infrastructure operators, being disrupted through 
Internet based attacks."

The document also warns CEOs and executives of their legal 
responsibility to mitigate risks to essential services.

A spokeswoman for the Communications Minister, Helen Coonan, said: "This 
program is a practical example of Government working closely with 
industry to make Australian critical infrastructure more secure."

Last week's federal budget earmarked $73.6 million over the next four 
years to improve the nation's capacity to manage cyber attacks.

The Attorney-General, Philip Ruddock, said part of this spending would 
go towards expanding the Australian Government Computer Emergency 
Readiness Team (GovCERT) to "provide owners and operators of Australia's 
critical infrastructure with information to help reduce the risks from 
sophisticated electronic attacks and to provide government with 
information about the electronic risks to critical infrastructure".

In February last year, Australia was part of an international exercise, 
Operation Cyber Storm, to test government response to cyber emergencies.

Ten federal government departments tasked with emergency management - 
including the Australian Defence Force and the Australian Security 
Intelligence Organisation - took part in a one-day desktop simulation in 
Canberra, and had to respond to a fake hacking attack on the transport 
sector.

The exercise did not include the private sector, which controls most of 
the nation's critical computer networks including power, water and 
telecommunications.

A report on Cyber Storm was completed in March last year but results 
were used for internal government evaluation purposes only and were not 
released to the public.

A second cyber terrorism war game, Cyber Storm II, is scheduled to begin 
in March next year.

Next month's workshops will incorporate information gleaned from April's 
2007 International SCADA Cyber Security Advanced Training Workshop, held 
at the Idaho National Laboratories (INL).

A cybersecurity strategist for INL, Aaron Turner, last month testified 
to the US House Committee on Homeland Security (Subcommittee on Emerging 
Threats, Cybersecurity and Science & Technology) about his research on 
US critical infrastructure security and technology risks, which also 
applies to Australia.

During his testimony, Mr Turner said "the use of technology [such as the 
internet] in our nation's infrastructure has improved the efficiency of 
infrastructure operations without corresponding improvements in the 
ability to secure these newly connected systems".

Mr Turner added that INL had modelled scenarios where "simplistic 
attacks originating from the internet" could degrade electric grid 
capacity, impact petroleum refinery processes, interrupt transportation 
networks and compromise drinking water systems.

"It should also be noted that the inter-connected nature of our 
infrastructure increases the potential for a high-impact correction," Mr 
Turner said.




