Comment from Ron Southworth
Time: April 27, 2007, 1:05 pm

Hi Dale,

Good to read some suppliers are rising to the challenge of improving the quality of their products.

I will be keen to see what sort of discussions come from the ISA blog as they are really doing some great work. I hope the sister organisation here formalises their relationship this year it would be good for the industry for certain.

The LA times report and a couple of others did sensationalise the situation somewhat but that is how paper’s are sold. I think the press release from the utility is probably the best and most accurate synopses of the events that happened. The trusted insider problem is re-emphasised in this situation! Travel safe and take care - I will hopefully be doing the same

Comment from Terry Martin
Time: April 28, 2007, 9:53 am

After meeting Dale and the crew at Wurldtech this week, I came away with the conflicting feelings of distinct pleasure to have been in the company of some of the best minds in the industry, accompanied by the feeling of having the crap scared out of me by the Achilles hack-in-a-box.

It’s not so much the box, as it is the fact that the Achilles platform has succeeded in quantitatively and qualitatively defining the threat to embedded systems of all types.

It’s one thing to have a level of unease about the reliability of critical infrastructure, it’s quite another to come away with a clear knowlege that controls operating the industrial and safety processes of critical infrastructure are known to be unreliable under clearly defined parameters that are easily reproduced in the wild, by design or force of circumstance.

Standards development is all well and good, but there is no reason to defer acting to harden these systems until some indefinite point of future cross-industry, cross-national and cross-academic consensus.

It’s possible, and in fact probable, that the bar may be set higher, but for now Achilles has demonstrated the minimum functional safety specification to establish a Common Criteria protection profile for device and system hardening.

As a consumer, I for one, don’t want my life disrupted by another foreseeable and avoidable catastrophe. The early adopters are to be applauded.

Comment from Ralph Langner
Time: April 30, 2007, 11:07 am

I do believe Achilles testing and certification is a good thing. Anyway I would like to throw in a bit of salt, just for the sake of the argument. Don’t get me wrong here, I am exaggerating to make a point.

— Caution! Exaggeration starts here —

The point is: Why would a company (such as a component vendor) spend effort and money for testing the implementation of a lousy protocol, when designing and implementing a completely new, more robust, and more secure protocol would be easier?

This is what puzzles me about Modbus: The protocol is so hopelessly obsolete that any effort to make implementations more stable would probably be better invested in a new design. It IS quite easy to design something far better. Why are we so much more scrupulous than the guys back then at Modicon?

No offence for the certification work though, Dale.

Comment from Dale Peterson
Time: April 30, 2007, 12:30 pm

Ralph - none taken, and I think you point to a real issue the Achilles Certification doesn’t address. Namely securing control protocols. I have a podcast scheduled with some of the Secure DNP3 leaders in May.

Most of Achilles testing is on IT protocol implementations. For example Controller Level 1 tests the Ethernet, ARP, IP, ICMP, TCP and UDP implementations. This is where a lot of the crashes and hanging of controllers is happening. I’m sure you have seen what broadcast traffic can do to some controllers that never envisioned seeing this.