The Federal Government's Computer Emergency Response Team (CERT) Australia has sent more than 200 engineers to be trained in protecting critical infrastructure at the same lab that the New York Times alleged was used to create the Stuxnet worm.
(SCADA image by Green Mamba, CC BY-ND 2.0)
The training at the United States Government's Idaho National Laboratory is part of a bid to toughen the nation's energy, water and transport industries by training specialists in the art of defending the control systems critical to their operation, known as Supervisory Control and Data Acquisition (SCADA) systems.
A further 30 staff will be sent this year, paid for by the Federal Government and the US Department of Homeland Security. The government said the training will have a ripple effect through the industry as those taught at the labs will likely move through industries and pass the knowledge of SCADA system defence on to others.
Federal Attorney-General Robert McClelland told an audience in Sydney last night that nations that do not harden SCADA systems will be an easy target for attacks.
"When you think about our reliance on these new systems for everyday activities, it's not surprising how vulnerable we can be when these systems don't perform as required or when they become the target of malicious attacks," McClelland said. "It's generally not until these systems fail that society realises just what an important role they play in both our personal and business lives."
To illustrate the impact of attacks on SCADA systems, McClelland cited the now infamous event where sewerage was dumped through the Maroochy Shire in 2000 after a disgruntled employee accessed the control system.
He said that although most of what CERT Australia did wasn't headline grabbing, it was important work, citing the organisation's vulnerability disclosures that are used to inform critical infrastructure operators of potential network threats to SCADA systems. As part of the process, CERT Australia will also work with the vendors to develop a fix for unpatched vulnerabilities, and the agency will be supplied with a list of potentially affected customers.