Up to 1680 Australian customs brokers and freight forwarders have been hit by a security glitch arising from Australian Border Force’s ageing Integrated Cargo Systems (ICS) after a Windows 10 patch bit messaging protocols shipped by the legacy Windows Explorer browser.
In an embarrassing development for ABF, it is understood hundreds of business users have been forced to delay or roll back security updates for Windows 10 to keep transactional messaging for freight running to Customs, a scenario that elevates cyber security risk for the sensitive industry.
“A change in behaviour of the protocol establishing the security of the connection with ICS is causing authentication failures,” ABF said in a notification to users on Friday.
“Our technical teams are working with Microsoft at the highest priority to understand and resolve the root cause of the issue and to develop an appropriate solution.”
However, users contacted by iTnews suggested the “root cause” was ICS’ ageing infrastructure and a lack of investment from the government in the IBM WebSphere-based system, which caused containers to pile up on docks when it went live in 2005.
It is understood that while there are several functional workarounds, the main one being to roll back the security upgrade, user frustration is growing over the likelihood of continued breakages because of the age of ICS.
ABF itself is also admitting ICS users are shouldering the burden of additional security risk just to stay in business.
“We are aware that some users have removed the update to successfully restore connectivity. We recommend any decision to remove the security update is informed by an appropriate risk assessment and analysis,” ABF said.
“Additional security controls to limit any risk associated with the removal of the patch such as the use of standalone machines should be considered.”
Or to put it more bluntly, isolate or air gap the connection to the ICS so the rest of your network can be patched and isn't potentially compromised.
Ironically, the ICS-related security issues have come as Home Affairs chief Michael Pezzullo continues to rekindle rhetoric around Australia’s potential vulnerability to a digital ‘Pearl Harbour’ style attack.
ICS replaced a functionally limited but fast green screen EDI system with an early web-based transactional hub in the early noughties, an era when IBM was successfully selling WebSphere as a core systems replacement to a clutch of major agencies.
Aside from Customs, major WebSphere builds included the then Immigration Department’s infamous Systems for People rollout and the Treasury and the Australian Tax Office’s Standard Business Reporting system, which is only now starting to be coded into big corporate software platforms like SAP and Oracle, despite being embedded in the likes of MYOB and Xero for years.
In a further testament to the increasingly archaic nature of ICS, Windows Explorer – which Microsoft is busily shooing users off in favour of Edge – remains the preferred browser to access ICS.
At a broad level, the most obvious medium to long-term replacement for ICS could be some sort of blockchain-based solution, with IBM and major shipping and cargo lines now working on a global solution.
This said, timelines surrounding current blockchain pilots becoming fully fledged solutions remain fluid, making the question of what happens next at ABF a very open one.
After the tumultuous start to ICS fourteen years ago, Australia’s retail and logistics industries, as well as their technology suppliers, are unlikely to accept at face value assurances from the government that any replacement will work out of the box.