Businesses prepare for cyberattacks, in secret

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

A group of NZ organisations have established voluntary standards to guard against digital attacks

By Stephen Bell | Wellington | Tuesday, 12 March, 2013 | 4 Comments

A group of New Zealand organisations responsible for critical infrastructure have established voluntary standards for the security of such systems against digital attack.

The New Zealand Cyber Security Voluntary Standards for Industrial Control Systems were devised with the support of the National Cyber Security Centre (NCSC).

Their originators are keeping quiet about the detail of the standards and the identity of members of the group, because it might set them up as a target for attackers.

They will not even say how many organisations are in the group.

An agreed statement, released through the NCSC, says the standards group “is for companies in the critical national infrastructure that are dependent on SCADA (Supervisory Control and Data Acquisition) or other industrial control, process control or telemetry systems. Members share confidentially mutually beneficial information regarding electronic security threats, vulnerabilities, incidents and solutions.”

The one member willing to identify itself is Genesis Energy, whose spokesman on the topic, Mike Judge, says “this work has allowed us to safely discuss cybersecurity issues, and work together with industry to develop best practice and share information.

“The participants in this group are well placed, to provide or endorse security guidance to the New Zealand utility industry,” Judge adds. “Risks will vary, but this standard we have developed is a practical compilation of best practice and guidance for establishing a secure control system.

“The aim is to minimise the threat from unauthorised or inappropriate access, and also to maintain access and control during adverse conditions.

“These voluntary standards will be applicable for a range of New Zealand industries including electricity, oil and gas, water, transport, chemical, pharmaceutical, food and beverage, and manufacturing,” Judge says.

Comments

CCTV Camera i read blog very well and it's say something about cyber Crime. it's right but the CCTV System is also helpful for stop the cyber crime.
Posted by danisscott at 2:40:45 on March 22, 2013

Flag abuse

The first rule The first rule about New Zealand Cyber Security Voluntary Standards for Industrial Control Systems is you do not talk about New Zealand Cyber Security Voluntary Standards for Industrial Control Systems.

Its a secret! Others call it a challenge.
Posted by Anonymous at 9:16:43 on March 13, 2013

Flag abuse

why secrecy Why paint a target on your back..... Thats why.....

Remember what happened to the kid in the sandpit that said... Look at my castle... Its the
biggest and the strongest ;)

Posted by Anonymous at 16:18:00 on March 12, 2013

Flag abuse

Great - But why the Secrecy? Any steps these organisations take to improve their security is a good thing. SCADA attacks are on the rise, including in the cyber warfare arena (e.g. Stuxnet), and in my experience SCADA systems can be quite vulnerable due to outdated software and a tendancy to avoid patching.

But why the secrecy? Everyone knows who the SCADA users are (there's a list of industries in the article) and there's a great deal of SCADA exploits and vulnerability information in the public domain.

Or could the secrecy be to protect those who are *not* participating?
Posted by Daniel Ayers at 14:27:59 on March 12, 2013

Flag abuse