CERT Australia chief headlines AISA Week

CERT Australia's freshly minted leader, Deborah Anton, will deliver the keynote for the Australian Information Security Association annual seminar day next month.

Linked gallery: AISA National Conference 2010

And while the recent round of security threats such as Stuxnet plaguing global networks was bad news for users it provided a wealth of material for the Sydney event's organisers who saw its revenue surge by 40 percent over last year.

Presenters have until tomorrow to file their submissions under this year's theme, "Under Attack", which asked individuals, governments and businesses to consider their responses to the growing scourge of cybercrime and other threats to critical infrastructure.

Anton was assistant secretary of e-security policy and coordination who worked in the Attorney-General's department of which CERT Australia was a part.

She will deliver her presentation at the event that was one of several the group will hold in capital cities around Australia, AISA national chairman Keith Price, said. 

Price attributed the growth in sponsorship and registration that looks set to pack out the 250-seat Westpac auditorium to ASIA's 10-year "track record that's attracting people back".

Further reading

• Symantec tars ISPs with bad security brush
• Stuxnet pinned for killing Indian satellite

"We have virtually every type of IT risk, governance and security individual there," Price said.

"We represent all of the industry and our whole purpose is to provide an industry-based and unbiased perspective of the issues."

Price said that although the Stuxnet worm that infiltrated the Microsoft Windows controllers on computer systems used in big utilities such as nuclear power stations and water-treatment plants had spread from Iran to China and elsewhere, security professionals were still in the dark about the hackers' intentions.

Keith Price, AISA

And Price said that recent revelations about security holes in Australia's utilities networks could be plugged by bringing IT security and internet networking professionals closer to their engineering counterparts in the same industries.

"There's always been us and them mentality in utilities," Price said who recently left Telstra to establish his own security consultancy.

"You had engineers in the utilities world and IT guys in the corporate world and there were walls between those groups and we haven't done a good job [in the information security industry] of breaking down those barriers so engineers can learn how to control those devices over TCP/IP [the lingua franca of the internet]."

"Black swan" events trouble professionals

He said "black swans"- unlikely events that would have "catastrophic consequences" - were ever occupying the minds of critical infrastructure planners.

And malicious hackers linked to organised crime were breaking into systems to find information that they could auction off to the highest bidder: "Why would you want a rootkit in a SCADA system?  Extortion is one reason".

"[Hackers say] we'll open valves, spill sewerage into a river: pay me $50,000 or get fined $100,000."

In the case of terrorist actions, he said hackers sitting in the mountains of Afghanistan or Pakistan wouldn't have to gain access to high-profile targets such as air-traffic control systems when they "could have a guy on a cellphone who ignites [a utility's] gas taps that they opened remotely".

SC Magazine is a media partner of AISA Week that starts November 29 with events in Sydney, Perth, Melbourne and Adelaide. Check the AISA website www.aisa.org.au for details