Tuesday 21 February 2012

CNII Forensics: KLCC Twin Towers & Maroochy Water Incident in Queensland

You are probably asking yourself what the connection is between the KLCC Twin Towers and the Maroochy Water incident in Queensland with regard to CNII Forensics.

In case you want to know about CNII Forensics, I've written briefly on CNII Forensics and the subjects associated with it.

http://aswamiariffin-cybercsimalaysia.blogspot.com/2011/11/cnii-forensics.html 

http://aswamiariffin-cybercsimalaysia.blogspot.com/2011/10/die-hard-4-and-hacked-football.html

Well, after I graduated from the University of Liverpool in Electrical Engineering and Electronics, my first job was as a project engineer overseeing the Standby Power and SCADA systems development at KLCC Twin Towers.

For a fresh graduate, it was indeed challenging to manage one of the tallest buildings in the world (at that time), one that would become a famous landmark in Kuala Lumpur, Malaysia. But it was worthwhile because I learnt a lot about technical and management complexities.

Then, early this year, I read a paper by my supervisor, Professor Jill Slay [1], on “LESSONS LEARNED FROM THE MAROOCHY WATER BREACH”. It is interesting to understand the implications if we don’t protect our critical systems. If breached, the impact would be disastrous, not only in monetary terms but also in lives.

It is priceless, isn’t it? (If you can’t imagine it, watch Die Hard 4).

And, as a project engineer, I was ignorant of the consequences and security aspects in the beginning. I think all control engineers were ignorant too until they became aware of this serious issue. But this doesn’t mean my first project is not secured, and I will neither reveal nor discuss it here.

Nevertheless, I’m grateful that I’ve acquired the required experience in IT security through CyberSecurity Malaysia and am now going deeper into the discipline of digital forensics at the University of South Australia.

Well, “Industrial Network Security” is not totally different from typical network security. That’s why Stuxnet was developed to attack/disrupt Iran’s nuclear facilities.

With proper design we should be able to mitigate the issue, but it will not be 100%. Constant monitoring is compulsory, along with best practice according to standards and regulations. NERC CIP is an exemplar.

I won’t go into detail on the network. However, I must stress that network segregation, together with detection systems, is very important. Again, the network must be monitored 24x7.

If something happens to KLCC Twin Towers, the cost will be in billions of dollars. I still remember that when I did the testing on the SCADA system, stringent procedures had to be followed and it had to be conducted after 12am.

So, the Maroochy Water incident in Queensland is a lesson learned for all of us. Every country must make an effort to safeguard its critical infrastructure.

Malaysia and Australia have a high commitment to this matter.

[1] J. Slay and M. Miller, “Lessons Learned From The Maroochy Water Breach”, in IFIP Book Chapter, 2008, pp. 73-82.