Utility links open up new security threat
- 29 July, 2008 22:00
Utilities have been warned they should minimise the use of information technologies that could open up critical infrastructure to new threats by connecting previously isolated and secure energy networks to the internet. Internet telephony and wireless broadband links used to connect remote sites for monitoring are just some of the increasingly popular web-based services that could potentially make utilities more vulnerable to attack.
To avoid problems, utilities needed to ensure connections between the secure SCADA systems that have traditionally controlled utility networks and the internet were tightly monitored, Deloitte's global head of security and privacy, Adel Melek, said.
Mr Melek, who last week delivered the results of Deloitte's 2008 Energy and Resources Global Security Survey, said the issue was of growing concern as engineers increasingly linked familiar legacy technologies to new systems with which they were less experienced.
Such links were likely to become increasingly commonplace as utilities upgraded electricity grids to accommodate sustainable energy sources and support the emerging requirements of emissions reporting and carbon trading.
"A convergence between the SCADA IT systems and IP-enabled networks has meant SCADA engineers have had to get a bit of a security education," Mr Melek said.
"When critical infrastructure moves in that direction - using [voice over internet protocol] or even wireless networks for remote site connectivity - the engineers need to be mindful of the threats associated with those services.
"It is naive of them to think these networks won't be exposed to the same security threats."
The Deloitte report was issued following a survey of utilities in the Asia-Pacific region, the Americas, Europe and the Middle East.
According to the survey, 81 per cent of respondents responsible for industrial control information systems had managed to avoid security incidents over the past 12 months.
But the survey found a quarter of respondents wanted to build more connections between their traditional control systems and the internet, while 12 per cent wanted to increase the separation between the energy grids and the web.
Critical infrastructure providers in Australia said information systems were usually already segregated from their corporate computer networks by design.
A spokesman for the Snowy Mountains Hydro-electric Authority said it operated on its own secured fibre-optic cable network, independent of the local Telstra network, which was controlled from nearby Cooma.
A spokesman from a large national electricity supplier said its SCADA system was segregated in such a way that physical access was needed to the terminals controlling the system.
Fairfax Business Media