IT standards and guides do not adequately prepare IT practitioners to appear as expert witnesses: An Australian perspective
Abstract
Despite the ever-increasing cyberspatial threats, the roles of expert evidence and the expert witness are not as widely known as they need to be. In this article, we examine the role of the digital forensic expert witness from three different but related perspectives, analyse the Court requirements of the expert witness, and then review several existing Australian and international standards and guides for incident response to cyber-security incidents.