31 January, 2007

SCADAGard SIG

N-Circle is talking about the new Infragard SIG.

This stuff is good. He mentions the lack of awareness of security issues in the SCADA world and has a point but it is also nice to see the information security world start to take notice. It will be interesting to see the preconceptions of both sides challenged.

Between Symantec, Determina, Tenable and N-Circle the word is getting out that there is a significant market here.

That market is huge (at least the size of the existing IT market perhaps larger in terms of capital availability) and hungry for solutions that fit. Right now it is almost entirely a security vacuum. It has some real significant and important distinctions from the casual IT market but a lot of the existing solutions can be adopted to fit if done properly.

I am looking forward to the merger over the next several years.

7 comments:

Dale Peterson said...

Jim - must disagree with you on one key point. The market is small, and this is a huge problem. When Matt worked at Cisco he had a SCADA firewall code module, much like Tofino. Cisco had no interest in putting it in PIX, no business case, too small market and let him put in on Sourceforge. Recently Microsoft said there would be no control systems specific of Windows which I blogged on yesterday.

One of the unofficial hallway comments at MsMUG from someone who would know said Dell sells more copies of Windows in one day than the control systems market purchases in one year. If you are Microsoft, where do you put your development dollars?

Anonymous said...

You are right Dale the existing market is small. The potential market is huge. In any given organization that has DCS between 10 to 20% of their endpoints are directly or indirectly related to a control system. That number is growing because these are the systems that have not yet completly changed to IP. Add to that the fact that it is becomming easier to deploy these things so more an more of them are comming on line. We all agree that they are not being adequately protected so...

Jim C

Dale Peterson said...

jim - I guess we disagree. The market will tell us who is right.

I thing the potential market is also small when compared to other IT software and hardware markets.

What would you rather develop, the security product for every point of sale terminal or the security product for a control system with 20 year product life cycles?

Jim C said...

I can Agree to disagree and since at the moment my income isn't dependant on it I won't sweat it to much if I am wrong.

You are right about the current lifecycles but I suspect that those are compressing and will continue to do so a generation or so behind the rest of the IT market. Old IBM iron had a 20 year lifespan (hell some of it is still around) but newer and newer generations are having shorter and shorter lifecycles. I think the ACS world also is following this pattern only behind it a bit.

In any case the existing systems that are in place have little or no protection.

Ron Southworth said...

Hi Jim and Dale. The market for control systems with respect Jim will never be a large enough sector on their bottom line. I think that MS may look at an area that has a potential to prove that MS is as good as or better than Unix in any of it's flavours. I think that even though we may be a small customer group the community does have some influential "friends" in the government of all the nations most importantly in the USA that I am certain have an interest to see that the activity of migrating the CI control systems OS platforms is not going to be adversly affected. I think the time is fast approaching to have some productive dialogue about it all.

I know what MS are doing here in AU in support of the community and I cannot see that they are not at least approachable on the subject. I just don't seem to be finding the "RIGHT" Person to date here at least to find out where we can move forward. I will have to ask some of the vendor researchers directly about setting up a meeting with MS. Maybe this is an answer to moving forward.

Have a great day

Ron Southworth

Rob Lewis said...

Hi Jim,

Sorry I never quite got around to sending you a typical case study showing how our product could be used for SCADA protection, (but I will eventually).

These comments demonstrates the importance of a security sub-system that can be dropped onto modern/future *nix control systems in software form, and into current MS shops in appliance form to protect said systems that are sitting in front of control systems, but that are also conduits to/from the internet.

To refresh your memory, the technology will then provide multi-level/trusted security (MAC and tamper proof auditing), not just on the host it is installed on, but in the surrounding environment as well.

This product is a kernel level policy enforcer that provides security to other systems. It sits under the stack and protects what is on top.

We can do this now, and play a role in future systems when more people in your industry know about us.

Cheers

Jake Brodsky said...

Jim, I agree with Dale, this is not a large market, nor is it going to grow with speed that most IT related markets often do.

However, it does look like a steady source of work for a long time to come. We're talking about slow, evolutionary growth.

That said, this does look like a worthwhile endeavor. My hope is that it should complement the concepts of the ISA '99 framework. This is part of the already existing safety framework. If they attempt to apply typical office oriented IT stuff, then most industrial customers will ignore it. And that would be a big mistake.

When you get a chance, please ping an e-mail my way. I need to talk to you offline about unrelated stuff.