Vulnerable SCADA-system could make world leaders languish in traffic jams

According to The Register , in November 2014, a meeting of world leaders will be held in the framework of the G20 summit in the Australian city of Brisbane. The administration of the state of Queensland, in which Brisbane is located, is making serious preparations for this event, primarily targeting security.

For the first time in history, one of the areas in preparation was the inspection of a traffic management system. In preparation for the summit, an information security audit of this system was ordered. The report with the results of the audit is published and is available to all comers.

The test was subjected to two systems of intelligent transport management, developed by different operators, and operating in the state. In both systems found significant shortcomings.

As the report says, the systems do not implement information security monitoring and risk management systems, do not train personnel (for example, employees have never heard of social engineering and were easily affected by these mechanisms), industry recommendations and “best practices” were not implemented , poorly organized access control system, and so on.
')
According to the researchers, this attitude to safety allows us to conduct a direct targeted attack on the system and cause emergencies and severe congestion on the roads. Given the presence of ardent opponents of globalization and the G20 summit, hacktivists could implement such attacks in order to thwart meetings and increase the discontent of local residents.

Fortunately, both operators of SCADA-systems accepted recommendations and began to promptly identify deficiencies and carry out a set of measures to reduce the risks of unauthorized actions. Data on the reaction of operators and the adoption of recommendations for verification are also given in the report.