S4x14 Video: Byres/Peterson – SCADA Apologist or SCADA Realist

Eric Byres suggested we take our back and forth from the blogs to the stage at S4x14. I had 5 minutes to explain why SCADA Apologist, as I claim Eric is, are a major impediment to progress in ICS security. Then Eric had 5 minutes to respond why he was a SCADA Realist and I’m the ICS tooth fairy (watch the video). We each had two more short back and forth chances to rebut and then extended the argument/discussion to the audience.

In the interest of fairness to Eric I won’t expand on my position in the blog. Just watch the video. I think both sides made their cases clearly; you can decide which is correct.


  1. says

    Well done both of you – this is a very important debate. In my view the answer is you both are correct and even both in agreement at a key level, it is just the time period over which transformation has to/can happen that differs. My experience as a CISO and now a security strategy consultant in the energy sector tells me that even with a budget it can be near impossible to do blanket swap-out from legacy to secure systems because the resources, skills and expertise are not available to do it.

    Lets us all set a joint goal for operators and system vendors to a) have our control systems secure by design in the near future, b) work out good tactics to secure our legacy and c) do our best to shorten the time line between a) and b) as soon as we can.The latter step will need good engineers engaged and our regulators and wider stakeholders to see this as the priority. Sadly I think we haven’t got that yet.

  2. Sean Gowing says

    I’ve enjoyed reading the back and forth between Dale and Eric. Their opposing points of view both work to advance the cause by getting people thinking about different security strategies. I think the answer lies somewhere in the middle so by bringing both of these view points to the ICS security community, more people are likely to become aware that there is a middle ground and any of the measures implemented are progress.

    Thank you both for taking the time to discuss in a civil manner. I respect both of you for the courage to speak your minds and the level of professionalism that you have demonstrated.

    I look forward to more discussion and different views.

  3. says

    It seems to me, the physics of truly secure systems go way beyond simple Authentication to Proper and secure architecture design, including tempest emanation prevention and ingress shielding, cable routing and shielding, encryption of Wireless signaling or Laser signaling, secure building access, secure and proper grounding, secure power supplies, transportation pathway design, airspace control, vibration monitoring (for prevention of Tunneling), portal security, and human reliance. FW upgrades as a solution are a fantasy, as the Operating Systems Software interface programming investment goes thousands of man hours past the FW and or hardware replacement, which of course is after the Architecture design (to include basic building design, machine placement, etc…) and hardware purchase. To solve this issue, you would need to deal with the Human problem, until then we move forward securing a piece at a time when an installation takes place. My experience is that reality trumps wishful thinking everyday….although I do agree we must plan to succeed. Take care and do your best to be safe.

  4. Dale Peterson says

    Eric’s puzzle pieces and the comments on this article make me very concerned that we will fail to address insecure by design issues in the near term due to a much harder quest for secure by design. A company can address most of the issues in Eric’s puzzle, but they are stuck with insecure by design products and protocols.

    Insecure be design refers to the inclusion of documented product, protocol and system features that provide an attacker with all he needs to compromise the availability and integrity of the ICS. No vuln, no exploit, just network access.

    Riding critical infrastructure ICS of insecure by design has to be a priority, led by those experts and organizations with influence finally standing up and saying it needs to be done in the next 1-3 years. I’m convinced that the legion of well-meaning SCADA Apologists give cover to vendors and owner/operators who would prefer not to face the issue.

    This will not make the systems Secure By Design.

    The preparation and recorded conversation at the event has moved forward my thinking a bit. I’m more convinced now that a key is CI owner/operators holding off on upgrade projects until the solution is rid of insecure by design or the vendor commits to an upgrade path with dates when it will be rid of insecure by design. Let’s get some big $ RFP’s out there waiting for a vendor to step up.

    I have a few other takeaways, but I’ll save them for another article.

  5. steven romero says

    “…I’m more convinced now that a key is CI owner/operators holding off on upgrade projects until the solution is rid of insecure by design…”

    Now your fantisizing – an owner-operator has a mandate to build wealth for shareholders through increased production (which by the way calls for ICS upgrades). Waiting is not an option.

    Perhaps the better plan is to find a way to cooperate with those close to the industry and the vendors, and help out where you can rather than spend a lot of time and energy explaining how wrong their approach is. That tends to turn people off.

    My 2 cents.

Leave a Reply