Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Critical infrastructure vulnerable as control systems remain at risk

  • 02 August, 2007 10:00

<p>Recent times have seen a dramatic escalation in risks to control systems for critical infrastructure, according to Australian data security expert Peter Long, who believes that conventional security techniques alone cannot resolve the problems.</p>
<p>Director of In Systems Pty Ltd, Long cites the U.S. Government Accountability Office (GAO) which has outlined four areas of concern.</p>
<p>He says: “The agency has issued cautions over the adoption of standardised technologies with known vulnerabilities; control networks that are connected to other networks; insecure connections which exacerbate vulnerabilities; and information about infrastructures and control systems that is easily available to the public.”</p>
<p>In Australia, the Department of Communications Information Technology and the Arts (DCITA) - working with the Trusted Information Sharing Networks (TISN), the IT Security Expert Advisory Group (ITSEAG) and the Supervisory Control and Data Acquisition (SCADA) Community of Interest (CoI) - is raising awareness of SCADA cyber security issues and promoting industry best practice</p>
<p>According to Peter Long, critical infrastructures essential to the industrialised world include agriculture and food, water, public health, emergency services, defence industrial base, telecommunications, energy, transportation, banking and finance, chemical, postal and shipping, and key physical assets such as nuclear power plants, dams, government facilities and commercial assets.</p>
<p>He says: “In addition to physical safety and security, network security for critical infrastructure is crucial because of reliance on electronic systems for operational control.</p>
<p>“Yet malfunctions to the industrial control systems in these industries, including faults within programmable logic controllers (PLCs), distributed control systems (DCS), remote terminal units (RTUs) and supervisory control and data acquisition (SCADA) systems can cause safety issues. Ignoring or improperly addressing industrial control system security or robustness risks can result in disruption of critical systems, damage to equipment, and may cause unpredictable operations or failure of critical infrastructure.”</p>
<p>Adding existing IP-based security controls such as firewalls, intrusion detection/prevention, antivirus, encryption, authentication, and other related technologies to control systems represents a good first step, but will not always ensure plant safety or security.</p>
<p>According to Long, operators of industrial control systems are turning to next-generation tools for testing and analysis that isolates and documents safety concerns – including protocol implementation weaknesses in any IP-based control system. The new protocol testing and measurement systems work by enabling, using, and routinely stressing control system resiliency and security as part of a safety process of continuous improvement, and automate risk by quantification according to the “attack surface” for products or services.</p>
<p>For instance, the Mu-4000 Security Analyzer, from Mu Security, Inc., reveals industrial control resiliency issues; documents SCADA and process control vulnerabilities; prevents zero-day attacks and network robustness problems; and enables 99.999% continuity of critical services.</p>
<p>Peter Long says Australian operators of critical control systems are showing strong interest in the new technology.</p>
<p>About In Systems</p>
<p>Australian-owned In Systems (www.insys.com.au) provides design, planning and operations for IT systems and integrated voice/data networking, helping to maximise business outcomes. The company p[laces a strong focus on data security. Since 1990, the company has delivered successful IT projects across industries such as banking, insurance, telecommunications, defence and education, as well as many small and medium enterprises. Principals and staff share a huge fund of expertise and experience in IT management, voice and data networking design, planning and operation, systems administration and security.</p>
<p>About Mu Security</p>
<p>Mu Security offers a market-leading security analysis system, delivering a rigorous and streamlined methodology for verifying the robustness and security readiness of any IP-based product or application. Founded by the pioneers of intrusion detection and prevention technology, Mu Security is backed by pre-eminent venture capital firms including Accel Partners, Benchmark Capital and DAG Ventures. The company is headquartered in Sunnyvale, CA. For more information, visit the company's website at http://www.musecurity.com.</p>
<p>For more information</p>
<p>Peter Long, Director
In Systems Pty Ltd
Phone: (03) 8611 3901 or 0417 857 919
Email: plong@insys.com.au</p>

Most Popular