Five main issues about GSM and UMTS Security
1. The currently used GSM cipher algorithms (used to provide confidentiality) are not published along with the bulk of the GSM standards. Instead, the GSM Association controls the distribution of the algorithm specifications. The decision not to make the algorithms available for peer review has received some criticism, with hindsight, from the academic world. However, it must be recognised that GSM security was designed at a time when the controls on the export and use of cryptography were much tighter. The regulatory situation was considerably relaxed in the late 1990s, which led 3GPP to adopt a more open approach to the design of the UMTS algorithms and to publish the algorithm specifications together with the rest of the UMTS standards.
2. Unlike the cipher algorithm, the GSM and UMTS authentication algorithms do not need to be standardised and operators are free to design or select their own. In GSM, an example algorithm was not included in the standards. This resulted in some operators using an algorithm, known as COMP-128, that has been recognised to be vulnerable to cryptographic attack. After this attack was published on the Internet, the GSM Association made a replacement algorithm available. To help avoid inadequate algorithms being used in UMTS, an example algorithm called MILENAGE [10] has been included in the standards for use by operators who do not wish to design their own.
3. The strength of the cipher algorithm depends, in part, on the length of the cipher key. In GSM, the cipher key is transported as a 64-bit structure.
Five basic requirements for mobile security and privacy
Security is a basic feature of any public communication infrastructure whether fixed or mobile; it must provide user confidence and economic opportunity and must protect the values of society. Security of information and communications plays a fundamental role in ensuring that citizens realise benefits from these services. Security establishes a proper environment for the protection of privacy and confidentiality for the conduct of all aspects of personal, economic and administrative activity carried out over networks.
The potential for mobile commerce to develop as a new and additional economic sector emphasises the need for security and privacy. Free flow of trusted commercial data over mobile communication networks provides new opportunities for economic activity. Furthermore, commercial users need to be able to establish trust between themselves and the entities - human or automated - in organisations with which they are doing business.
Already most communication of sensitive data on fixed networks is subject to some protection. However, because of the dynamic topology and connectivity, security is fundamental to the successful operation of all aspects of wireless systems and must be given consideration in all new research and development undertakings in this field. It must be an essential part of the architecture in terms of placement of functionality, protocols and mechanisms - what goes on where and how.
SCADA Security Checklist free download

Attached is a sample SCADA Security Checklist covering areas such as:
- Identify all connections to SCADA networks
- Disconnect unnecessary connections to the SCADA network
- Evaluate and strengthen the security of any remaining connections to the SCADA network
- Harden SCADA networks by removing or disabling unnecessary services
- Do not rely on proprietary protocols to protect your system
- Implement the security features provided by device and system vendors
SCADA basic terms and definitions
SCADA (Supervisory Control And Data Acquisition) Definition.
"...Industrial control system..."
Industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility based as described below:
- Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.