The Byres/Peterson Live Debate at S4x14
Submitted by Eric Byres on Fri, 2014-01-31 16:26
Dale Peterson and I have been debating ICS security in our blog posts for over a year now. This January, we took our debate live at the S4x14 conference in Miami, Florida. While Dale refers to me as a SCADA Apologist, I believe I am more of a SCADA Realist.
Take some time to listen carefully to both sides of the argument, and then you can decide who makes the stronger case.
Related Links
- Tofinosecurity.com blog: "Rip and Replace" Approach to SCADA Security is Unrealistic
- Tofinosecurity.com blog: Enough Clucking – Start Fixing the SCADA Security Problem
- DigitalBond blog: Chicken, Egg, and Chicken Omelette with Salsa
Comments
My Vote is for Eric!
Eric - my compliments to you for your articulate presentation and response back to Dale Peterson regarding the current circumstances in today's ICS environment. You did a great job explaining the challenges and I really liked your "puzzle" diagram.
That said, I also will support Dale in the pressure on the marketplace to "fix the problem." However, again you did a great job to explain the barriers presented to "...fixing the problems..." with recognition that simply standing there with your hands on your hips to say "fix the problem" is not adequate.
Anyway, great job and I was very impressed with your presentation, arguments and my vote is for you!
Ernie Hayden
The Byres/Peterson Live Debate at S4x14
I was asked last week in Houston at the Smart Fields Summit "What to do in order to secure the control systems in critical infrastructures?" And my answer was "you should do nothing". I meant to say that and I continued saying that the majority of the customers who should care about securing their critical infrastructures are not focused on understanding and identifying the problem, and they are not doing things on the base of "First things first", so it is better that they do nothing rather than doing the wrong thing.
Charles Kettering said "A problem well stated is a problem half solved." and this is the core issue.
To start from where Eric ended; we need to answer "what has to happen?", and for that we need first to understand the problem very well. Securing the controller, having secure protocols, security by design, and replacing the old ones with new ones are all good things to do. However, we need to identify what to do first.
I have seen companies hurrying up to do something to secure their control systems without practically addressing the below:
- Are the security controls installed going to be operational during the long life span of the plant, or are they going to be "installed and configured today and then disabled in the next month!!!?"
- Are there automated backup systems installed to take even image backups of the systems in a regular manner?
- Are there network and systems performance management solutions in place to provide customers a real-time status of the network and systems performance related issues within the processor-based systems and networks in these industrial platforms?
- Did the customers consider assessing the status of their industrial network infrastructures to ensure that they are "network wise" healthy? The answer might normally be that the industrial network was built on the vendor standard. However, in reality the installation and configuration of the control systems in a platform includes installing more and more systems (DCS, F&G, ESD, Utilities and so on) from different vendors. The majority of the vendors end their SAT with ping ping ping all machines and if a reply comes back then the network is fine, while in reality the network in the majority of the cases that I came to know about is "Not Healthy".
- When we say a defense-in-depth, is it really into that depth of defense?
- For those who claim that they should keep their industrial networks isolated, don't they think that by doing that they are going to keep themselves blind about what is happening in these industrial infrastructures?
I end up with saying what Eric mentioned “there are multiple things that can be done, however, this shall be studied well by each customer, and it shall be part of a major strategy that is based on well understanding of the nature of these IACS, and that should be addressing all issues needed to be addressed on the base of first things first.
Even though we have been talking about this for almost the last 10 years, we should take multiple steps back, look at the big picture and then do a long jump that covers a long distance in securing these critical infrastructures within the shortest possible time.
SCADA Realist - It's A Real Thing
I work in one of the large companies that have lots of older control systems. Telling my management that rip-and-replace is REQUIRED within 5 years is a certain way for me to find myself unemployed.
Management sees all business decisions as a risk management exercise. Where should I spend the limited money I have to reduce the business risk that I operate with?
Even if there were 100% secure replacement systems in the market, I would still not be able to convince my management of a 5-year rip-and-replace project schedule. And, we all know that the systems on the market are NOT 100% secure. So I'd be trading my insecure system with another system that is still insecure by design.
So, I have to live within the constraints of my business. I help our production facilities manage the risk they have with the equipment they have on the ground, and I also help specify requirements for new systems that will be put into place in the coming years.
So, I would never consider myself a SCADA Apologist. I am a SCADA Realist. It is the only thing that I can be!