HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Blogs
Blog

Patching for Industrial Cybersecurity Is a Broken Model

NO RATINGS
View Comments: Oldest First|Newest First|Threaded View
<<  <  Page 2/2
bobjengr
User Rank
Platinum
PATCHING FOR CYBERSECURITY
bobjengr   4/27/2013 12:08:48 PM
NO RATINGS
 Very informative Al--great post.   I'm not a programmer by any stretch of the imagination but I have wondered why programmers don't incorporate virus protection as an embed to the programs they write.  (NOTE: Maybe they do but I'm not aware of it.)  We depend upon external programs; i.e. Norton, AVG, Symantec, McAfee, etc. to provide protection but these are not always effective and must be upgraded frequently, sometimes weekly.  Also, are there any programs that will interrogate the IP address of the hacker or sender?  Again, very informative.

 

GeorgeG
User Rank
Platinum
Essence of the problem
GeorgeG   6/14/2013 9:38:42 AM
NO RATINGS
I'm surprised there hasn't been more traffic on this post. Perhaps that's an indication of the problem. As the post suggests, security must be structure, not veneer. The notion of a security patch is akin to the notion that you can fix a leak in the basement with a bit of caulking.

As the old saying goes 'it's all fun until someone loses an eye'. Even when a control system performs as intended, there's some chance of safety failures. However, a system cannot be considered safe unless it is rendered immune to external influences yet most integrators and users feel comfortable with a poorly thought out Maginot line of defence. In general, integrators and, worse, control system component suppliers (hardware and software) prefer to be agnostic to security issues expecting someone else to somehow provide an adequate defence - this has got to change. Many are the times I've sat through a presentation for an object/tag oriented controls package where the entire emphasis is on how easy it is to 'see' data and how easy it is to implement changes; so often, object manipulation is devoid of any semblance of change management or even basic validation of parameters: can you configure an unstable condition on a servo axis (what's stopping you)? Can you do it while the equipment is running? How much basic authentication is required?          

<<  <  Page 2/2
Partner Zone
More Blogs
Hacking has a long history in the movies, beginning with Tron and War Games and continuing through The Girl with the Dragon Tattoo.
In a line of ultra-futuristic projects, DARPA is developing a brain microchip that will help heal the bodies and minds of soldiers. A final product is far off, but preliminary chips are already being tested.
New manufacturing is changing more than just the plant floor. It's changing how manufacturers do business.
Venture capital guru Steve Vassallo looks for companies that think about design, not just technology for technology's sake.
In this TED presentation, Wayne Cotter, a computer engineer turned standup comic, explains why engineers are natural comedians.
Design News Webinar Series
9/10/2014 11:00 a.m. California / 2:00 p.m. New York
7/23/2014 11:00 a.m. California / 2:00 p.m. New York
7/17/2014 11:00 a.m. California / 2:00 p.m. New York
6/25/2014 11:00 a.m. California / 2:00 p.m. New York
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Sep 22 - 26, MCU Software Development – A Step-by-Step Guide (Using a Real Eval Board)
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Next Class: September 30 - October 2
Sponsored by Altera
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service