Industrial cyber security in focus at ACI Connect 2014

ACI Connect
By Glenn Johnson, Editor
Tuesday, 25 March, 2014


Six months ago I published an article titled Industrial cybersecurity: is the IT department your friend? In that article I reflected on the questions being asked at a panel on industrial cyber security that I attended and made the following observation as a result:

I think it is true to say that as a whole, the processing, mining and manufacturing industries lack the maturity of security awareness that the general business IT industry has acquired over the years, and so the whole issue can seem very daunting. The publicity around high-profile malware incidents … have raised the profile of cybersecurity as a business need, but also skew the perceptions of the uninitiated into viewing malware and hacking as the main threats to focus on. Vendors across the board are now selling technology squarely aimed at these particular types of threats … This can also lead to the idea that once these technologies have been implemented, then the cybersecurity issue is ‘covered’ - much like the idea that implementing a firewall will magically secure the process network from everything else.

Don’t get me wrong though - malware and hacking are real and present dangers, but they only represent a certain percentage of the things that need to be taken into account in a cybersecurity program.

In other words, approaching the problem directly from this ‘nuts-and-bolts’ level will not achieve much. It is necessary to first understand all the threats that are posed to your organisation (and not just your control system), and assess the risks to your organisation and control systems that these threats represent. In other words, you need to understand what you are protecting against and how it may affect your system or organisation in order to effectively mitigate those risks.

But I also reflected on the fact that, while there is a large body of knowledge and ‘best practice’ available in the IT world, it is nevertheless very rare to find any IT department in an organisation that is doing security well. The same can also apply in relation to government organisations; however, many of our federal departments have security ‘as their core business’ and are experienced at understanding threat and risk.

The Australian Nuclear Science and Technology Organisation (ANSTO) is a good government example - and also a rare one, in that it operates a nuclear facility and therefore operates an industrial control system, in addition to information systems.

ANSTO operates the Open Pool Australian Lightwater (OPAL) research reactor, which is a state-of-the-art 20 MW nuclear reactor that uses low enriched uranium (LEU) fuel to achieve a range of nuclear medicine, research, scientific, industrial and production goals.

Being a federal government agency and the operator of Australia’s only nuclear reactor, ANSTO exists in a heavily regulated environment where cyber security is required to be addressed through the implementation of established and tested technologies, practices and processes.

At ACI Connect 2014 we will be lucky enough to have a presentation from Mitchell Hewes and Nick Howarth of ANSTO titled Cyber security in a nuclear context.

Mitchell Hewes

Mitchell Hewes

Mitchell Hewes is the IT security officer for ANSTO, and he produces the internal standards, design guidelines and procedures on how cyber security is to be addressed while assisting with the design and implementation of critical systems.

Nick Howarth is an IT system engineer for the OPAL research reactor and his responsibilities also include the development and implementation of security plans and controls.

Their presentation will give a great overview of the processes and understanding necessary in implementing a comprehensive cyber security program including:

  • Cyber security requirements in automation, control and instrumentation
  • Specific considerations in cyber security for nuclear facilities
  • An overview of the OPAL research reactor
  • The role of IT in OPAL’s control system design, implementation and operation
  • Australian Government IT security regulations and their application to OPAL

Nick Howarth

Nick Howarth

I look forward to hearing their presentation, and I am sure that for those of you who are concerned about cyber security in your plants but are new to the concepts, it will provide a great overview and example case study for you to reflect on.

Straight after the presentation, I will be chairing a panel discussion on industrial cyber security where you will have a rare opportunity be able to listen to and engage in a Q&A with Mitchell and Nick, as well as industrial cyber security and cyber-terrorism consultant Dr Christopher Beggs, and Adam Rickards of DAANET/Secomea.

I hope to see you there, armed with great questions for these industrial cyber-security experts!

Related Articles

Climate-friendly electricity from ammonia

Researchers the Fraunhofer Institute have developed a high-temperature fuel cell stack that can...

Digitalised, sustainable battery cell production

German researchers have developed a flexible winding system for battery cells that is embedded in...

Expired deadline threatens critical infrastructure as compliance lags

The deadline for achieving cybersecurity framework alignment for the SOCI Act expired on 17...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd