funsec mailing list archives

Re: Foul


From: Jon Kibler <Jon.Kibler () aset com>
Date: Mon, 09 Nov 2009 06:44:23 -0500


Peter Evans wrote:
> On Mon, Nov 09, 2009 at 12:13:23AM -0800, Paul Ferguson wrote:
> http://fergdawg.blogspot.com/2009/11/scada-security-conscience-abuse-of.html
> : Yes, I am pissed.
>
> I don't blame you.
>
> I haven't worked in SCADA since 1991. When it was a package
> called Dexterity. That brings back memories I'd rather not have.
> I also, for some reason, miss it, because you felt you were doing REAL
> stuff, when you could see how fast the blowers were running, how much was
> in the hoppers and watch values changing (all without having to wear ear-defenders!)

There are many issues here. However, the general discussion on being able to
take out an electric utility (or any other control system for that matter)
through use of the Internet, misses the major point of control systems design:
All digital control systems should have analog safety systems. It should not be
possible to create a circumstance where damage can occur through the failure of
a digital control. Period. If such a failure is possible, do NOT blame it on the
Internet (or bad software, or terrorists, or cybercriminals, or anything else
outside of the control itself), because the issue is really that the control
system itself is poorly designed.

Bottom line: If a digital control (SCADA, DCS, PLC, etc.) can be manipulated to
cause a system failure, then the control system is badly designed and lacks the
appropriate safety systems dictated by standard control system design practices.

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
s: JonRKibler
e: Jon.Kibler () aset com
e: Jon.R.Kibler () gmail com
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

