Comments on DCS Security: Digital Bond - Scanning ACS or SCADA networks<br />
Jim C (http://www.blogger.com/profile/15676746489123643303)<br /><br />
Anonymous, 2006-12-01T08:07:00.000-05:00<br /><br />
I have a colleague at work who often points out that many things "treated with sufficient neglect" will run for a very long time. In other words, <i>it works -- don't pick at it!</i><br /><br />
I've heard from others in the security business who have personally observed that more systems are damaged through patch-happy policies than from actual attacks or software failures. What I'm getting at, and what many people fail to notice, is that there are risks associated with doing nothing and there are risks associated with invasive scanning.<br /><br />
The reason many systems need to be scanned is because they have lots of opportunities for rogue software to invade the system. However, good physical and network policies can keep this from happening. The difficult part is saying <b><i>NO!</i></b> to the IT and office commando types who feel the world owes them a view of everything from their desks.<br /><br />
I happen to believe that there are far too many interfaces into today's DCS and SCADA systems than there should be. We have a saying in our company: When asking for data, if you ask for all of it, you will get NOTHING. Anyone who asks for all data clearly doesn't know what he or she is looking for. We will not tolerate data surfing. That's not what a control system is designed for and that's not how we sized it.<br /><br />
If people want such security so that they can surf anywhere in the system, then they need to be made aware of the costs and risks. These include extra security features for operators and making the system harder for everyone to use and evaluate. At some point we need to draw the line and say to the world "Get a Life!"