Lessons Learned from the Maroochy Water Breach

  • Jill Slay
  • Michael Miller
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Supervisory control and data acquisition (SCADA) systems are widely used to monitor and control operations in electrical power distribution facilities, oil and gas pipelines, water distribution systems and sewage treatment plants. Technological advances over the past decade have seen these traditionally closed systems become open and Internet-connected, which puts the service infrastructures at risk. This paper examines the response to the 2000 SCADA security incident at Maroochy Water Services in Queensland, Australia. The lessons learned from this incident are useful for establishing academic and industry-based research agendas in SCADA security as well as for safeguarding critical infrastructure components.

Keywords: SCADA security, Maroochy Water Services breach

References

  1. Australian Computer Emergency Response Team, 2004 Australian Computer Crime and Security Survey (www.auscert. org. au/render. html?it=2001), 2005.
  2. [2]
    British Columbia Institute of Technology, Good Practice Guide on Fire- wall Deployment for SCADA and Process Control Networks, National Infrastructure Security Co-ordination Centre, London, United Kingdom, 2005.Google Scholar
  3. [3]
    E. Byres and J. Lowe, The myths and facts behind cyber security risks for industrial control systems, presented at the VDE Congress, 2004.Google Scholar
  4. [4]
    J. Fernandez and A. Fernandez, SCADA systems: Vulnerabilities and re- mediation, Journal of Computing Sciences in Colleges, vol. 20(4), pp. 160- 168, 2005.Google Scholar
  5. [5]
    General Accounting Office, Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems, Report to Congressional Re- questers, GAO-04-354, Washington, DC, 2004.Google Scholar
  6. G. Hughes, The cyberspace invaders, The Age, June 22, 2003.Google Scholar
  7. IT Security Advisory Group, SCADA security: Advice for CEOs, Depart- ment of Communications, Information Technology and the Arts, Canberra, Australia (www.dcita. gov. au/communications for business/security/criti cal infrastructure security/key documents), 2005.
  8. [8]
    S. Mustard, Security of distributed control systems: The concern increases, Computing and Control Engineering Journal, vol. 16(6), pp. 19-25, 2005.CrossRefGoogle Scholar
  9. [9]
    National Communications System, Supervisory Control and Data Acqui- sition (SCADA) Systems, Technical Information Bulletin NCS TIB 04-1, Arlington, Virginia, 2004.Google Scholar
  10. [10]
    Office of Energy Assurance, 21 Steps to Improve Cyber Security of SCADA Networks, U. S. Department of Energy, Washington, DC, 2002.Google Scholar
  11. [11]
    P. Oman, E. Schweitzer and D. Frincke, Concerns about intrusions into remotely accessible substation controllers and SCADA systems, Proceed-ings of the Twenty-Seventh Annual Western Protective Relay Conference, 2000.Google Scholar
  12. [12]
    D. Peterson, Intrusion detection and cyber security, InTech, May 2004.Google Scholar
  13. [13]
    President’s Information Technology Advisory Committee, Cyber Security: A Crisis of Prioritization, Report to the President, National Coordination Office for Information Technology Research and Development, Arlington, Virginia, 2005.Google Scholar
  14. Riptech, Understanding SCADA system security vulnerabilities (www.iwar. org. uk/cip/resources/utilities/SCADAWhitepaperfinal1. pdf), 2001.
  15. [15]
    J. Slay and M. Miller, A security architecture for SCADA networks, Pro- ceedings of the Seventeenth Australasian Conference on Information Sys- tems, 2006.Google Scholar
  16. J. Stamp, P. Campbell, J. DePoy, J. Dillinger and W. Young, Sustainable security for infrastructure SCADA, Sandia National Laboratories, Albu- querque, New Mexico (www.sandia. gov/scada/documents/SustainableSec urity. pdf), 2003.
  17. Symantec, Understanding SCADA system security vulnerabilities (www4. symantec. com/Vrt/offer?a id=20249), 2004.

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Jill Slay
    • 1
  • Michael Miller
    • 2
  1. 1.Defence and Systems InstituteUniversity of South AustraliaAustralia
  2. 2.BAE SystemsAustralia

Personalised recommendations