Comments on: April Podcast: This Month in Control System Security http://www.digitalbond.com/index.php/2009/04/29/april-podcast-this-month-in-control-system-security-2/ This Month in Control System Security Fri, 30 Jul 2010 09:35:51 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Éireann Leverett http://www.digitalbond.com/index.php/2009/04/29/april-podcast-this-month-in-control-system-security-2/comment-page-1/#comment-11609 Éireann Leverett Tue, 05 May 2009 14:36:11 +0000 http://www.digitalbond.com/?p=3318#comment-11609 During your discussions of other countries, I felt you touched on, but moved too rapidly past an important aspect. You noted that it was not a case of comparing apples to apples, but left out a little depth I think of as valuable. Remember that in some countries the control systems are under nationalised control, or indeed have switched from nationalised to privatised models within the last 30 years. That different business model can produce different approaches. Also, the regulation of the actual network (regardless of security) can be different, and thus (again) produce different approaches. For example France's network has a lot of inbuilt redundancy, so that if a generator is offline a particular region can be backfed. That can mean that the cyber threat is at least harder since multiple targets needs to be hit simultaneously. Summing up my point, don't forget that the engineering itself changes the threat landscape and attack surface. Lastly, some countries (for example: the UK, Spain, Sri Lanka, and Venezuala) have been dealing with terrorism for quite a long time. This operational knowledge of how to continue functioning in the face of sabotage can make many aspects of awareness raising or infrastructure hardening much much easier. During your discussions of other countries, I felt you touched on, but moved too rapidly past an important aspect. You noted that it was not a case of comparing apples to apples, but left out a little depth I think of as valuable.

Remember that in some countries the control systems are under nationalised control, or indeed have switched from nationalised to privatised models within the last 30 years. That different business model can produce different approaches. Also, the regulation of the actual network (regardless of security) can be different, and thus (again) produce different approaches.

For example France’s network has a lot of inbuilt redundancy, so that if a generator is offline a particular region can be backfed. That can mean that the cyber threat is at least harder since multiple targets needs to be hit simultaneously. Summing up my point, don’t forget that the engineering itself changes the threat landscape and attack surface.

Lastly, some countries (for example: the UK, Spain, Sri Lanka, and Venezuala) have been dealing with terrorism for quite a long time. This operational knowledge of how to continue functioning in the face of sabotage can make many aspects of awareness raising or infrastructure hardening much much easier.

]]> By: meh http://www.digitalbond.com/index.php/2009/04/29/april-podcast-this-month-in-control-system-security-2/comment-page-1/#comment-11603 meh Fri, 01 May 2009 01:02:05 +0000 http://www.digitalbond.com/?p=3318#comment-11603 Will release of exploits for software used in "critical infrastructures" be considered 'cyber weapons'? Will there be legal penalties for releasing them? What better way to push this information further underground, into fewer, dirtier hands. Will release of exploits for software used in “critical infrastructures” be considered ‘cyber weapons’? Will there be legal penalties for releasing them? What better way to push this information further underground, into fewer, dirtier hands.

]]> By: amino world http://www.digitalbond.com/index.php/2009/04/29/april-podcast-this-month-in-control-system-security-2/comment-page-1/#comment-11602 amino world Wed, 29 Apr 2009 15:31:49 +0000 http://www.digitalbond.com/?p=3318#comment-11602 terrific podcast, dale -- the 'ambling', recursive discussion format (intentional or not ) worked great for these topics! terrific podcast, dale — the ‘ambling’, recursive discussion format (intentional or not ) worked great for these topics!

]]>