24 January, 2007

SCADA Crypto

Crypto in Controllers at Digital Bond

This was also a topic of discussion at my Monday night dinner. One of the concerns for me is that, as complexity is added, the likelihood of unintentional failure increases.

It becomes a balance between the risk due to adding complexity and the risk of impact from either nefarious or mistaken connections.

I tend to think that we need to pursue these types of solutions now for the systems that need very tight controls and for a future environment that might be significantly more hostile. We should, however, be careful of how we deploy them.

If you look at my Ideal PCN post from a few months ago, I touch on this.

Another quick comment: The Crypto isn't what matters here it is the control over access that the crypto provides that could add value.

2 comments:

Ron Southworth said...

So true, Jim. A lot of what we have to do in the controls arena is a balancing act.

Our operators are suffering problems here presently with the Insufficiently Trained doing things their way instead of doing things for the end user of the system at some considerable expense to Availability exactly as I predicted it would.

If it is happening here it must be happening in other places. The threat from within is far more prevalent and much easier to manage than people think.

It is about organisational culture.

It is about selecting the best people with the right skills or skilling the right people and empowering them. This is actually mentioned in an early paper on Defence In Depth.

Best practices for securing these systems need to be dynamic and we need to select the best method for the particular system requirements in balance with availability and cost effectiveness to the risk.

We cannot rely on silver bullets or "in theory ..." We need to apply the proven theories.

Like you, Jim, some of us have actually been around in many different engineering roles since before there ever was an entity called IT and have worked in the controls and industrial environments. Sorry to lament, but back when it was all just one form or other of engineering, there was co-operation between everyone.

I find that co-operation is very much a key element to stopping the US & Them problems and for any system to be maintained in a highly available state. The problem is you cannot force people to co-operate. At times in a lot of enterprises it is sadly lacking at the moment.

Imagine reducing that 80% of internal security problems down to 20% per se.

Man, could we really invest some resources into solving the SCADA mystery of all time: the perfect distributed control system!

Have a most excellent day.

Dale Peterson said...

Jim, your statement "Another quick comment: The Crypto isn't what matters here it is the control over access that the crypto provides that could add value." illustrates how terminology can trip us up.

Cryptography (or even more correct cryptology) is often shortened to crypto. Crypto does not equal encryption. Encryption is one type of crypto primitive as are key exchange methods, secure hash, digital signature algorithm, ...

This came up a couple of times at S4 and the room had an aha moment when each side understood why the other side thought they were crazy.

The people saying crypto did not mean encryption - they agreed integrity measures were the key. The people saying crypto wasn't needed meant encryption wasn't needed.
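
The distinction drawn in the comment above, as an added example (not part of the original post or its comments): a control command travels in cleartext with no encryption, yet an HMAC tag and a sequence number let the controller reject forged, altered and replayed frames. The frame layout, command text and key are constructed for illustration and do not come from any real SCADA protocol.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, command: bytes) -> bytes:
    """Build a frame: 8-byte big-endian sequence || cleartext command || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag


class Receiver:
    """Controller side: accepts only authentic frames with a fresh sequence."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold a header and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified in transit
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None  # authentic but replayed
        self.last_seq = seq
        return body[8:]


def demo() -> dict:
    key = bytes(range(32))  # constructed demo key, not a real secret
    cmd = b"WRITE coil=17 value=1"  # constructed command format
    rx = Receiver(key)
    frame = protect(key, 1, cmd)
    tampered = protect(key, 2, cmd).replace(b"value=1", b"value=0")
    return {
        "readable_on_wire": b"WRITE coil=17" in frame,  # no confidentiality
        "genuine": rx.accept(frame),
        "replayed": rx.accept(frame),
        "tampered": rx.accept(tampered),
        "wrong_key": rx.accept(protect(b"x" * 32, 3, cmd)),
    }


if __name__ == "__main__":
    print(demo())
```

Only a holder of the shared key can produce a frame the receiver acts on, which is the access-control value the post refers to; anyone on the wire can still read the command.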