Object Oriented Programming and Software Engineering CIS016-2

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
NERC Lessons Learned Summary December NERC lessons learned published in December 2014 Three NERC lessons learned (LL) were published in December.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Lecture 11 Reliability and Security in IT infrastructure.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.
Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Protecting ICT Systems
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Chapter 5 Protecting Your PC from Viruses Prepared by: Khurram N. Shamsi.
NETWORK ADMINISTRATOR. EXAMPLES OF SOME COMPUTING RELATED CAREERS Multimedia Artist / Graphics Artist Information System Manager Computer Scientist Network.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Cost of Ownership of a PC Acknowledgements to Euan Wilson (Staffordshire University)
Cyber Terrorism Shawn Carpenter Computer Security Analyst
Appendix C: Designing an Operations Framework to Manage Security.
Jamie Lyle (Cpsc 620) December 6, Overview  Logic Bombs  The story of Roger Duronio and UBS PaineWebber  Defenses against logic bombs.
Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008.
Proposed UW Minimum Computer Security Standards From C&C 28 Jan 2005 Draft.
Securing A Wireless Home Network. Simple home wired LAN.
Why Cryptosystems Fail R. Anderson, Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993 Reviewed by Yunkyu Sung
BTEC NAT Unit 15 - Organisational Systems Security ORGANISATIONAL SYSTEMS SECURITY Unit 15 Lecture 3 OTHER DAMAGING THREATS.
Incident Response Christian Seifert IMT st October 2007.
BASIC SECURITY THREATS TO INFORMATION SYSTEMS. All information systems linked up in networks are prone to security violations. All information systems.
Page 1 Dieter Mueller-Ehrhard Workshop „Information and Media Technologies“ Part II Examples and Applications from Practice in Germany Your host: Dieter.
Welcome to the ICT Department Unit 3_5 Security Policies.
October 28, 2015 Cyber Security Awareness Update.
SCADA NETWORK SECURITY BY LICET 4-AUG-12.
SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.
Technology and Business Continuity
Automation Technologies SCADA SENSORS HMI
Koji Nakao, Dai Arisue NICT, Japan
Risk management.
3.6 Fundamentals of cyber security
Cybersecurity Case Study Maroochy water breach
Products/Solutions/Expertise of C-DAC Mumbai in Smart City Domain
Responding to Intrusions
Cybersecurity Case Study STUXNET worm
Lecture 14: Business Information Systems - ICT Security
Report by: Katiuscia Zedda
Network Management Functions
Socrative Question #1 Which of the following would be the person most likely to be installing new network routers for a business or organization? Computer.
Cybersecurity Awareness
Unfortunately, any small business could face the risk of a data breach or cyber attack. Regardless of how big or small your business is, if your data,
I have many checklists: how do I get started with cyber security?
cyberopsalliance.com |
Network management system
Object Oriented Programming and Software Engineering CIS016-2
Intrusion detection Lewis Knight.
Intrusion detection systems?
Network Security Best Practices
INFORMATION SYSTEMS SECURITY and CONTROL
PLC / SCADA / HMI Controllers: Name : Muhammad Zunair Comsats University Date: 28-October-2018.
Keeping your data, money & reputation safe
Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Cyber Security - Protecting Information
System Testing.
Detection Detect the breach and protect the data. By,
Security.
LO1 - Know about aspects of cyber security
Cyber Security For Civil Engineering
AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.
Anatomy of Industrial Cyber Attacks
Presentation transcript:

Object Oriented Programming and Software Engineering CIS016-2 Week 3: Cybersecurity Case Study – Maroochy Water Breach Sue Brandreth 17/05/2018

Maroochy Shire 17/05/2018

Maroochy Shire Sewage System SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999 In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage 17/05/2018

SCADA Setup 17/05/2018

SCADA Sewage Control Special-purpose control computer at each station to control valves and alarms Each system communicates with and is controlled by central control centre Communications between pumping stations and control centre by radio, rather than wired network 17/05/2018

What Happened 17/05/2018

Technical Problems Sewage pumps not operating when they should have been Alarms failed to report problems to control centre Communication difficulties between the control centre and pumping stations 17/05/2018

Insider Attack Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation. He left in 1999 after disagreements with the company. He tried to get a job with local Council but was refused. 17/05/2018

Revenge! Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems He hoped that Hunter Watertech would be blamed for the failure Insiders don’t have to work inside an organisation! 17/05/2018

What Happened? 17/05/2018

How it Happened Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station Insecure radio links were used to communicate with pumping stations and change their configurations 17/05/2018

Incident Timeline Initially, the incidents were thought to have been caused by bugs in a newly installed system However, analysis of communications suggested that the problems were being caused by deliberate interventions Problems were always caused by a specific station ID 17/05/2018

Actions Taken System was configured so that that ID was not used so messages from there had to be malicious Boden as a disgruntled insider fell under suspicion and put under surveillance Boden’s car was stopped after an incident and stolen hardware and radio system discovered 17/05/2018

Causes of the Problem Installed SCADA system was completely insecure No security requirements in contract with customer Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software Insecure radio links were used for communications 17/05/2018

Causes of the Problem Lack of monitoring and logging made detection more difficult No staff training to recognise cyber attacks No incident response plan in place at Maroochy Council 17/05/2018

Aftermath On October 31, 2001 Vitek Boden was convicted of: 26 counts of willfully using a computer to cause damage 1 count of causing serious environment harm Jailed for 2 years 17/05/2018

Finding Out More…. Myths and Facts Behind Cyber Security of Industrial Control http://www.pimaweb.org/conference/april2003/pdfs/MythsAndFactsBehindCyberSecurity.pdf Lessons Learned from the Maroochy Water Breach http://www.ifip.org/wcc2008/site/IFIPSampleChapter.pdf Malicious Control System Cyber Security Attack Case Study–Maroochy Water Services, Australia http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study_report.pdf 17/05/2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.