Security and Reliability
Security and reliability are two terms used quite often in our industry. Though I have been in the control systems realm a short time, it appears that many people view the two subjects as opposing forces. I believe that in most cases security should be considered an aspect of reliability.
If a control network is compromised due to poor security policy (lack of patches, slow patch cycle, etc.), the reliability of the network is decreased. If an attacker can perform INL’s favorite attack, man-in-the-middle, and send commands to a PLC that disrupt the grid, the reliability is decreased. Nearly all security threats should be seen as threats to the system’s reliability.
I spoke about this subject with others and Martin Solum brought up the aspect of a backup network. In the case of failed patching or a compromise, the backup network is then used as the control network. This network would typically be on a delayed patch cycle and would therefore have more holes (in theory) than the production control network. Though an implementation with a backup network is going to add complexity to both the security and reliability aspects of a control network, I don’t feel that it invalidates the fact that security is an aspect of reliability.
This topic came about during a conversation I had with a former co-worker. Steve Hurd, of Sandia National Laboratories in California, was interested in writing a paper on the subject of how security affects reliability. Due to the fact that Steve never has enough time, he allowed me to write on the subject. If anybody has any hard numbers (which is almost never, it seems) that either agree or disagree with this view, I would love to see them.
Author: Charles Perine
Posted: April 28th, 2008 under Big Picture.
Comments: 4
Comments
Comment from Ralph Langner
Time: April 28, 2008, 3:03 pm
“I believe that is most cases security should be considered an aspect of reliability.”
That depends on how you define “most” and “reliability”, Charles. Some examples come to mind where a lack of security doesn’t affect reliability:
1. Industrial espionage. That’s obvious. By exploiting several vulnerabilities, an attacker steals intellectual property, such as recipes, or product cycle times. If done properly, the victim may not even recognize the attack.
2. Quality related security problems.
Example A: Malware infects a quality inspection system (running on a non-hardened Windows box way beyond the latest patch), causing the system to degrade. Just because of performance problems, a significant percentage of scrap remains undetected and is shipped to customers.
Example B: Accidental or intentional manipulation of a DCS, or PLC program, results in a product out of specification limits, or in a contaminated product.
Having said that, let me add that I am a strong advocate of not separating all those concepts of the security puzzle. In a highly automated networked environment, it doesn’t make much sense to put security, safety, reliability and the like in different boxes. They all belong together. At the end of the day, what matters is our ability to prevent damage, no matter what the cause and nature of this damage may be.
Comment from Joe Weiss
Time: April 29, 2008, 11:17 am
The focus of the August Applied Control Solutions Conference is cyber impacts (intended and unintended) on system reliability.
Joe Weiss
Comment from Ron Southworth
Time: April 30, 2008, 2:09 am
Hi, I would also suggest, like Ralph, a return on investment motivator for security that CEOs will understand better:
Availability or reliability -
Premium quality “of product sold” = Meeting profit targets
Effective risk management -
Business continuity = Maintaining profit targets
Shareholders’ dividends and CEO’s bonus are realised.
This they will understand.
Comment from Charles Perine
Time: April 30, 2008, 2:21 am
Ralph,
Initially I was thinking of reliability in the typical system/network availability sense (five nines of reliability). Part 2 of your examples, both A and B, certainly affect the product / service reliability.
I absolutely agree with you with respect to not separating the different aspects of the security puzzle. Your mention of security and safety reminds me of a talk I attended while at Sandia (SNL/CA). Bruce Schneier was talking about computer systems failing securely and an audience member brought up the fact that a requirement at SNL for weapons engineering was to fail safe.
It is my feeling that the vendors should be able to make products that fail safe in the physical realm and fail secure in the cyber realm. It seems like an obvious overlap to me but maybe that is just a bit of naïveté on my part.
Joe,
I look forward to hearing what they have to say.