Abstract
Many aspects of our modern society now have either a direct or implicit dependence upon information technology. As such, a compromise of the availability or integrity in relation to these systems (which may encompass such diverse domains as banking, government, health care, and law enforcement) could have dramatic consequences from a societal perspective. These key systems are often referred to as critical infrastructure. Critical infrastructure can consist of corporate information systems or systems that control key industrial processes; these specific systems are referred to as ICS (Industry Control Systems) systems. ICS systems have devolved since the 1960s from standalone systems to networked architectures that communicate across large distances, utilise wireless network and can be controlled via the Internet. ICS systems form part of many countries’ key critical infrastructure, including Australia. They are used to remotely monitor and control the delivery of essential services and products, such as electricity, gas, water, waste treatment and transport systems. The need for security measures within these systems was not anticipated in the early development stages as they were designed to be closed systems and not open systems to be accessible via the Internet. We are also seeing these ICS and their supporting systems being integrated into organisational corporate systems.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Australian Government (1998) Protecting Australia’s national information infrastructure. Report of the interdepartmental committee on protection of the national information infrastructure, Attorney-General’s Department, Barton, ACT
Australian Government (2004a) Critical infrastructure protection national strategy. Attorney-General’s Department, Barton, ACT
Australian Government (2004b) Protecting Australia against terrorism. Department of the Prime Minister and Cabinet, Barton, ACT
Australian Government (2009) Cyber security strategy. Attorney-General’s Department, Barton, ACT
Australian Government (2010) Critical infrastructure resilience strategy. Attorney-General’s Department, Barton, ACT
Australian Government (2011) CSOC—cyber security operations centre. Defence signals directorate (DSD), http://www.dsd.gov.au/infosec/csoc.htm. Accessed 10 Jan 2011
Australian Government (2013) Strong and secure: a strategy for Australia’s national security. Department of Prime Minster and Cabinet, Barton, ACT
Beggs C (2008) A holistic SCADA security standard for the Australian context. In: Proceedings of 2008 Australian information warfare and security conference (Perth), paper 27
Beggs C, McGowan R (2011) Fostering SCADA and IT relationships: an industry perspective. Int J Cyber Warfare Terrorism 1(3):1–11
Broad WJ, Sanger DE (2010) Worm was perfect for sabotaging centrifuges. New York Times. http://www.nytimes.com/2010/11/19/world/middleeast/19stuxnet.html?_r=0. Accessed 15 Oct 2013
Busuttil T, Warren MJ (2004) A risk analysis approach to critical information infrastructure protection. In: Proceedings of the 5th Australian information warfare and security conference, Perth
Cherry S (2010) How Stuxnet is rewriting the cyber terrorism playbook. IEEE spectrum online. http://spectrum.ieee.org/podcast/telecom/security/how-stuxnet-is-rewriting-the-cyberterrorism-playbook. Accessed 15 Oct 2013
Falliere N, Murchu LO, Chien E (2011) W32.Stuxnet dossier. Symantec. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf. Accessed 15 Oct 2013
Hughes G (2003) The cyberspace invaders, the sunday age, 22 June 2003
ISA (International Society of Automation) (2013) ISA99 committee on industrial automation and control systems security, http://isa99.isa.org/ISA99%20Wiki/Home.aspx. Accessed 10 Feb 2014
Krutz R (2006) Securing SCADA systems. Wiley, Indianapolis
Pollet J (2002) Developing a solid SCADA security strategy. In: Proceedings of the 2nd ISA/IEEE sensors for industry conference, Houston, pp 148–156
Rudd K (2008) The first national security statement to the parliament address by the prime minister of Australia, the Hon Kevin Rudd MP. http://www.pm.gov.au/media/speech/2008/speech_0659.cfm. Accessed 10 Dec 2008
Shaw W (2006) Cyber security for SCADA systems. PennWell Press, Tulsa, OK
Slay J, Miller M (2008) Lessons learned from the Maroochy water breach. In: Goetz E, Shenoi S (eds) IFIP international federation for information processing, vol 253, Critical Infrastructure Protection. Springer, Boston, pp 73–82
Smith S (2004) Infrastructure, http://www.parliament.nsw.gov.au/prod/parlment/publications.nsf/0/C6389C30B-0383F9ACA256ECF0006F610. Accessed 10 Nov 2010
Stouffer K, Falco J, Scarfone K (2011) Guide to industrial control systems (ICS) security. Special Publication 800–82, NIST (National Institute of Standards and Technology)
Supreme Court of Queensland, Boden RV (2002) Appeal against conviction and sentence, QCA 164, Brisbane
Trusted Information Sharing Network (TISN) (2007) About critical infrastructure. http://www.tisn.gov.au. Accessed 15 July 2009
Trusted Information Sharing Network (TISN) (2008) What is SCADA? http://www.tisn.gov.au/www/tisn/tisn.nsf/Page/e-Security#_What_is_SCADA. Accessed 3 July 2010
Trusted Information Sharing Network (TISN) (2010a) The shift to resilience. CIR News, vol 7, no 1, Barton, ACT
Trusted Information Sharing Network (TISN) (2010b) Fact sheet: critical infrastructure and resilience: whose responsibility is it? Barton, ACT
Trusted Information Sharing Network (TISN) (2012) Risk management for industrial control systems (ICS) and supervisory control systems (SCADA) information for senior executives, Barton, ACT
Warren MJ (2013) A major step forward on cybersecurity. ABC. http://www.abc.net.au/unleashed/4484508.html. Accessed 10 Oct 2013
Warren MJ, Leitch S (2010) Commercial critical systems and critical infrastructure protection: a future research Agenda. In: Proceedings of the 2010 European information warfare conference, Thessaloniki, Greece
Warren MJ, Leitch S (2010) Development of a supply chain management security risk management method: a conceptual model. In: Proceedings of the 9th European conference on information warfare and security (Thessaloniki). Academic Publishing, Reading, pp 327–333
Warren MJ, Leitch S (2011) Protection of Australia in the cyber age. Int J Cyber Warfare Terrorism 1(1):35–40
Weiss J (2010) Protecting industrial control systems from electronic threats. Momentum Press, New York
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Warren, M.J., Leitch, S. (2015). Cyber Security and Protection of ICS Systems: An Australian Example. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security: Analytics, Technology and Automation. Intelligent Systems, Control and Automation: Science and Engineering, vol 78. Springer, Cham. https://doi.org/10.1007/978-3-319-18302-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-18302-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18301-5
Online ISBN: 978-3-319-18302-2
eBook Packages: EngineeringEngineering (R0)