Crypto in Controlers at Digital Bond
This was also a topic of discussion at my Monday night dinner. One of the concerns for me is that as complexity is added the likelihood of unintentional failure increases.
It becomes a balance between the risk due to adding complexity and the risk of impact from either nefarious or mistaken connections.
I tend to think that we need to pursue these types of solutions now for the systems that need very tight controls and for a future environment that might be significantly more hostile. We should, however, be careful of how we deploy them.
If you look at my Ideal PCN post from a few months ago I touch on this.
Another quick comment: The Crypto isn't what matters here it is the control over access that the crypto provides that could add value.
skip to main |
skip to sidebar
One of the reasons I am writing down these thoughts is so that people that have more information than I can correct me when I am wrong. Hopefully I will then learn.
Subscribe via email
Labels
- Control Systems (25)
- Music (24)
- Security Layers (20)
- Energy Environment (19)
- Risks and Metrics (19)
- Crazy Ideas (13)
- Singularity (12)
- Funny (11)
- Radiation and Polonium (11)
- Scanning SCADA (11)
- Wireless SCADA (11)
- Political (10)
- Nano Tech (9)
- Rant (8)
- Security Tools (8)
- Submarines (8)
- MPAA and RIAA (5)
- Sony Crappy (5)
- Quantum (4)
- Not So Random Quote (3)
- QotW (3)
- Security Politics (3)
- Vuln (3)
- Economy (1)
- FMEA (1)
- Health Care (1)
- Not as funny as it could be (1)
- Racism (1)
- Random Restart (1)
Contact Email
DCSSEC [at] gmail.com
Blogroll
Blog Archive
-
▼
2007
(215)
-
▼
January
(76)
- Is your work computer private?
- SCADAGard SIG
- Application Root Kits? - help me
- Hey Anton - meme add trap
- Protocol Converters
- Huh
- Auto Myths
- Refreshingly True
- Layer 3 – Networking - Continued
- A Fundamentally Enabling Capability
- More on Litvinenko Assassination
- ROI Computation
- A Cubic Mile of Oil
- Quantum Imaging
- Totally Clueless
- Cisco Vuln - More
- Cisco Vuln
- Layer 3 – Networking - Security
- SCADA Crypto
- Quote of the Week - 1
- Lame Excuses and pseudo Name Dropping
- No Kidding
- Fusion - Crazy Ideas
- Embrace the Suck - MilSpeak
- More Fuzzing - Details
- Good Advice for Vendors
- RIAA, MPAA and 1690's guilds
- This is Singularly Significant
- Silly PunditEvery hacker knows that this is the re...
- Nubs
- Nostradamus
- Forget the Towel where is your Ziplock?
- Bayesian Cool
- Data Link – Layer 2 Continued
- Diamond Age Mini
- The Purina Diet
- Fuzzing
- Data Link – Layer 2
- Snow Rage
- Nanotubes, Space Elevators and nano thin circuits ...
- सद्धर्मपुण्डरीकसूत्र - huh?
- Good ID Theft Post at Emergent Chaos
- David Beckham comming to the States?!?!
- Vista Conversation
- Murry's Law
- Life Blogging - Pakistan and Saudi Arabia
- A new Force?
- सद्धर्मपुण्डरीकसूत्र
- GIGO
- '94 Net Predictions
- Moneyball Writer takes on Football
- Tetris Debit Cards
- Puppy Phishing
- Another Vendor Rootkit - Well really trojan
- Another Physical Layer Post
- Some realisim on MAC security and Marketing
- SAS 70's
- Another Article on Logiic
- Comments - Wireless Conserns and Realitive Risk
- Spikes Indicate multiple Polonium Exposures
- Physical Security - Layer 1
- I don't really mean to bash MS - Update your browsers
- Update on the Polonium
- Deadly Genes - Human Vuln disclosure Discussion
- Month of No Bugs
- Amrit Rant Reply
- No news is good news
- Chest CT Scan Today
- Science Helpline - Celebrities
- Global Warming
- Singularity Alert
- SCADA Security Fiction?
- If Windows Were a Car
- Windows Automotive
- Lesson in Market Size
- Happy New Year
-
▼
January
(76)
1 comment:
So True Jim. A lot of what we have to do in the controls areana is a balancing act.
Our operators are suffering problems here presently with the Insufficiently Trained doing things their way instead of doing things for the end user of the system at some considerable expense to Availability exactly as I predicted it would.
If it is happening here it must be happening in other places. The threat from within is far more prevalent and much easier to manage than people think.
It is about organisational culture.
It is about selecting the best people with the right skills or skilling the right people and empowering them. This is actually mentioned in an early paper on Defence In Depth.
Best practices for securing these systems needs to be dynamic and we need to select the best method for the particular system requirements in balance with availability and cost effectiveness to the risk.
We cannmot rely on silver bullets or "in theory ..." We need to apply the proven theories.
Like you Jim, some of us have have actually been around in many differnt engineering roles since before there ever was an entity called IT and have worked in the controls and industrial environments. Sorry to lament but
back when it was all just one form or other of engineering, there was co-operation between everyone.
I find that co-operation is very much a key element to stopping the US & Them problems and for any system to be maintained in a highly available state.
The problem is you cannot force people to co-operate. At times in a lot of enterprises it is sadly lacking at the moment.
Imagine reducing that 80% of internal security problems down to 20% per-say.
Man could we really invest some resources into solving the SCADA mystery of all time the perfect distributed control system!
Have a most excellent day.
Post a Comment