Supervisory control and data acquisition (SCADA) systems are widely used to monitor and control operations in electrical power distribution facilities, oil and gas pipelines, water distribution systems and sewage treatment plants. Technological advances over the past decade have seen these traditionally closed systems become open and Internet-connected, which puts the service infrastructures at risk. This paper examines the response to the 2000 SCADA security incident at Maroochy Water Services in Queensland, Australia. The lessons learned from this incident are useful for establishing academic and industry-based research agendas in SCADA security as well as for safeguarding critical infrastructure components.
Keywords: SCADA security, Maroochy Water Services breach
Chapter PDF
Similar content being viewed by others
Keywords
- Intrusion Detection System
- Water Distribution System
- Critical Infrastructure
- Pump Station
- Security Solution
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Australian Computer Emergency Response Team, 2004 Australian Computer Crime and Security Survey (www.auscert. org. au/render. html?it=2001), 2005.
British Columbia Institute of Technology, Good Practice Guide on Fire- wall Deployment for SCADA and Process Control Networks, National Infrastructure Security Co-ordination Centre, London, United Kingdom, 2005.
E. Byres and J. Lowe, The myths and facts behind cyber security risks for industrial control systems, presented at the VDE Congress, 2004.
J. Fernandez and A. Fernandez, SCADA systems: Vulnerabilities and re- mediation, Journal of Computing Sciences in Colleges, vol. 20(4), pp. 160- 168, 2005.
General Accounting Office, Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems, Report to Congressional Re- questers, GAO-04-354, Washington, DC, 2004.
G. Hughes, The cyberspace invaders, The Age, June 22, 2003.
IT Security Advisory Group, SCADA security: Advice for CEOs, Depart- ment of Communications, Information Technology and the Arts, Canberra, Australia (www.dcita. gov. au/communications for business/security/criti cal infrastructure security/key documents), 2005.
S. Mustard, Security of distributed control systems: The concern increases, Computing and Control Engineering Journal, vol. 16(6), pp. 19-25, 2005.
National Communications System, Supervisory Control and Data Acqui- sition (SCADA) Systems, Technical Information Bulletin NCS TIB 04-1, Arlington, Virginia, 2004.
Office of Energy Assurance, 21 Steps to Improve Cyber Security of SCADA Networks, U. S. Department of Energy, Washington, DC, 2002.
P. Oman, E. Schweitzer and D. Frincke, Concerns about intrusions into remotely accessible substation controllers and SCADA systems, Proceed-ings of the Twenty-Seventh Annual Western Protective Relay Conference, 2000.
D. Peterson, Intrusion detection and cyber security, InTech, May 2004.
President’s Information Technology Advisory Committee, Cyber Security: A Crisis of Prioritization, Report to the President, National Coordination Office for Information Technology Research and Development, Arlington, Virginia, 2005.
Riptech, Understanding SCADA system security vulnerabilities (www.iwar. org. uk/cip/resources/utilities/SCADAWhitepaperfinal1. pdf), 2001.
J. Slay and M. Miller, A security architecture for SCADA networks, Pro- ceedings of the Seventeenth Australasian Conference on Information Sys- tems, 2006.
J. Stamp, P. Campbell, J. DePoy, J. Dillinger and W. Young, Sustainable security for infrastructure SCADA, Sandia National Laboratories, Albu- querque, New Mexico (www.sandia. gov/scada/documents/SustainableSec urity. pdf), 2003.
Symantec, Understanding SCADA system security vulnerabilities (www4. symantec. com/Vrt/offer?a id=20249), 2004.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Slay, J., Miller, M. (2008). Lessons Learned from the Maroochy Water Breach. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_6
Download citation
DOI: https://doi.org/10.1007/978-0-387-75462-8_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer ScienceComputer Science (R0)