Those are just a few quick samples of the rich security-related content to be found on the Web site of InfraGard, a national association I mentioned in this space last week after FBI Director Robert Mueller spoke at InfraGard's annual conference. So what is InfraGard, and why is it pulling together this and other valuable cybersecurity content? Formed in 1996 by the FBI to enlist the help of the IT industry and academia for the bureau's investigations into cybercrime, InfraGard today is "an association of businesses, academia, institutions, state and local law-enforcement agencies, and others dedicated to sharing information and intelligence to prevent hostile acts against the United States." Its 11,270 members include representatives from 68 of the Fortune 100 and are organized into local chapters around the country. So InfraGard is one of those outfits that actually does think globally while acting locally, and while my exposure to InfraGard has been admittedly brief, I would urge you to evaluate what the chapter near you is doing.

Here's another one: Know what "Scada" is? A study presented at an InfraGard chapter taught me that it stands for "Supervisory Control and Data Acquisition"--more directly, industrial process-control systems that monitor and control equipment such as motors, valves, pumps, relays, and sensors. Know why Scada is going to become a lot more important to traditional IT operations? Here's an example from that study: "Terrorists aside, what about sabotage of Scada systems by others, such as insiders? In 2000, in Maroochy Shire, Queensland, Vitek Boden released millions of litres of untreated sewage using a wireless laptop, apparently taking revenge against former employers. He was arrested, convicted, and jailed."

OTHER VOICES "With about 85% of the nation's critical infrastructure--energy utilities, manufacturing and transportation facilities, telecommunication and data networks, and financial services--in the private sector, it's no wonder there have been so many attempts to create services that keep these companies apprised of threats to their IT networks. But there's a problem: Most companies aren't eager to share their adventures in cybersecurity with each other or the government." -- InformationWeek, Larry Greenemeier, Aug. 24

Think of the infrastructure connections to your business--energy generation, power transmission, water, sewer, telecom, transportation, and more--and these Scada links don't seem so obscure. As Joe St. Sauver's paper points out, the Slammer worm in 2003 crashed the network of an Ohio nuclear power plant. The plant was offline at the time, but the worm did crash its safety-monitoring system for five hours.

But while the potential for massive damage via cyberattacks is increasing, the good news is that the IT industry is beginning to take note. The paper, given at an InfraGard chapter meeting late last year in Eugene, Ore., by St. Sauver of the University of Oregon's Computing Center, said, "Cisco deserves a big 'atta boy' for its Critical Infrastructure Assurance Group," and he also cites the Cyber Security Industry Alliance, whose members include more than a dozen security-related vendors.

And finally, St. Sauver's presentation completed the circuit with this advice: "Much of what's being faced in the Scada world has already been hashed through and fixed in the enterprise IT world. Those solutions, where suitable, need to be 'thrown over the wall' to Scada networks and systems so Scada folks don't 'reinvent the wheel.' IT folks need to visit with the process-control guys and gals."

The worlds of industrial-control networks and more-traditional enterprise IT networks are coming together, inevitably and inexorably. Are you ready? Either way, InfraGard is probably a pretty good outfit to get to know.

Bob Evans
Editorial Director
bevans@cmp.com

To discuss this column with other readers, please visit Bob Evans's forum on the Listening Post.

To find out more about Bob Evans, please visit his page on the Listening Post.