Businesses prepare for cyberattacks, in secret
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
Get the latest news from Computerworld delivered via email.
Sign up now
A group of New Zealand organisations responsible for critical infrastructure have established voluntary standards for the security of such systems against digital attack.
The New Zealand Cyber Security Voluntary Standards for Industrial Control Systems were devised with the support of the National Cyber Security Centre (NCSC).
Their originators are keeping quiet about the detail of the standards and the identity of members of the group, because it might set them up as a target for attackers.
They will not even say how many organisations are in the group.
An agreed statement, released through the NCSC, says the standards group “is for companies in the critical national infrastructure that are dependent on SCADA (Supervisory Control and Data Acquisition) or other industrial control, process control or telemetry systems. Members share confidentially mutually beneficial information regarding electronic security threats, vulnerabilities, incidents and solutions.”
The one member willing to identify itself is Genesis Energy, whose spokesman on the topic, Mike Judge, says “this work has allowed us to safely discuss cybersecurity issues, and work together with industry to develop best practice and share information.
“The participants in this group are well placed, to provide or endorse security guidance to the New Zealand utility industry,” Judge adds. “Risks will vary, but this standard we have developed is a practical compilation of best practice and guidance for establishing a secure control system.
“The aim is to minimise the threat from unauthorised or inappropriate access, and also to maintain access and control during adverse conditions.
“These voluntary standards will be applicable for a range of New Zealand industries including electricity, oil and gas, water, transport, chemical, pharmaceutical, food and beverage, and manufacturing,” Judge says.
Posted by danisscott at 2:40:45 on March 22, 2013
Its a secret! Others call it a challenge.
Posted by Anonymous at 9:16:43 on March 13, 2013
Remember what happened to the kid in the sandpit that said... Look at my castle... Its the
biggest and the strongest ;)
Posted by Anonymous at 16:18:00 on March 12, 2013
But why the secrecy? Everyone knows who the SCADA users are (there's a list of industries in the article) and there's a great deal of SCADA exploits and vulnerability information in the public domain.
Or could the secrecy be to protect those who are *not* participating?
Posted by Daniel Ayers at 14:27:59 on March 12, 2013