Only 500 People in the World Understand Security

Understanding Security
apresher   8/2/2013 8:36:38 AM
Excellent post, Rich.  Security on the control side is an important issue.  But it's also interesting that many of the vulnerabilities are related to apps and casual administration of access permissions. 

500 and growing
Rob Spiegel   8/2/2013 3:37:51 PM
Marc may be right that only 500 people understand the ins and outs of the ever-changing network of control. Just a few short years ago, that number was probably considerably lower. Until recently, nobody needed to know network security in plants. The plants were islands. That's changed. Now the plant is networked to the ERP system, to customers, to vendors, to suppliers. And IT is breathing down the neck of the control engineer about cell phones in the plant and downloaded music on plant PCs. The world of the control system has changed, and it's relatively new.

Re: Understanding Security
Charles Murray   8/2/2013 6:59:35 PM
This makes sense. It's probably why experts often say that just about any security system can be breached.  

On Software and Hardware Security: Newer is not always better
oldtimer8080   8/3/2013 6:05:17 PM
Back in the earlier days of microprocessor hardware, you used to have to "blow" (program) a UV prom or eeprom and on the eeprom you had to blow those fuses to prevent reprogramming the BIOS control of a device.  The improvement was to add a physical jumper if you needed to program a device.

Now you can alter basic programming on-line. THAT is the biggest security hole ever created!

My security cred comes from both the microprocessor and supercomputers; I have worked with both. I also did security on our link to DARPAnet; Cray bought my copy of "The Cuckoo's Egg".

Something else to consider: you never hear about the truly successful security breaches.


I'm either one of the 500 or one of the people who never make headlines; make your choice...



Re: On Software and Hardware Security: Newer is not always better
Battar   8/5/2013 8:48:48 AM

On the DEC VAXstation 3x00 series that prom you mentioned was mounted on a socket, and it wasn't read-protected...but we had better not take this discussion any further...

Re: On Software and Hardware Security: Newer is not always better
Zippy   8/5/2013 8:57:29 AM
There is no such thing as complete security; you just have to decide how much is enough, what you are willing to pay for it, and what you will give up in efficiency and convenience to get it.  Adobe Acrobat is a notorious security problem because everyone uses it (it's free), and therefore it is an attractive target for internet hackers.  You can avoid this by taking your control systems off the internet, like the military does, but then you have to live with the inconvenience of loss of ERP, remote access, etc.  You are still susceptible to authorized but disgruntled individuals with thumb drives, but as I said, there is no such thing as complete security.

IT Security
Critic   8/5/2013 9:07:54 AM
Updating software is one way to introduce viruses or new vulnerabilities.  Updating more frequently can adversely impact security.

One way to improve security is to disconnect from the network and physically secure the equipment.  Obviously you have to restrict access to trusted employees, and don't give the IT guys access to everything.  If the number of trusted employees is small, then it's easier to figure out who sabotaged the machine.

The philosophy that all machines on the network are the same is a dangerous one.

Re: On Software and Hardware Security: Newer is not always better
Ann R. Thryft   8/5/2013 1:11:52 PM
In 2005 I was working with a major mainframe software supplier on a security writing project when all kinds of security breaches were hitting the news, many regarding missing laptops or online breaches. The supplier had a top team of security experts I got to interview for the project. The federal agency intelligence guy said that the onset of online access to everything was the first major security hole, followed by employees bringing in their own consumer mobile devices like phones and laptops. I thought it was interesting that he placed online access first.

Re: IT Security
kenish   8/5/2013 1:42:59 PM
Reminds me of a cyber security expert talking about ways the Stuxnet virus may have been implanted into a network that was physically not connected to any other network.   One speculation is "seed" the parking lot or a sidewalk at the facility with a USB flash drive.  An employee might take it into their office and plug it in to figure out which colleague "dropped" it......

bobjengr   8/6/2013 5:55:48 PM

Excellent post Rich.   We have become so dependent upon the internet and search engines available it would be very difficult to work within a structure where there were no internet connections.   I do feel this would provide additional security and if you could eliminate "memory sticks" you could go a long way towards ultimate security.  This past week, my two grandsons downloaded a version of "Mine Craft" (or something).  You guessed it--the game had embedded within code the "blaster virus".  For the life of me, I could not eliminate the "bug".  $156.00 later and a trip to the "computer store", I come back relieved no apps or personal documents were affected in a detrimental manner.  Problem--this is the computer I use for my company.   Even though protected by passwords, they somehow got around the security.  (Ultimate hackers.)  Stuff happens even in the best of environments.

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service