In its simplest form the root of the issue with securing control systems is that there is no inherent security in a control system. There are no mechanisms when you purchase and deploy a control system to ensure confidentiality, integrity and authenticity as these were not a driving design criteria.
In a control system the driving principle is availability, reliability and safety. Confidentially is not really needed, but integrity and authenticity measures would go a long way to alleviating many weaknesses of the type exploited by Stuxnet.
The vendors ultimately produce what the asset owners use, and they are only going to revamp their product lines to include security if the market demands it, or by legislative fiat.
Asset owners, when will you start to demand security in your control systems products to the degree that the vendors must respond? The only other mechanism by which this will occur is by federal mandate which flies in the face of the principles of a free market.
So far the market hasn't demanded it. In the 6 years I have been examining thees system there has been no significant change in product lines that indicates that security is a driving design criteria. And this is without addresses the tens of thousands of legacy systems.
So if you as an asset owner are bewildered by the ease in which Stuxnet propagated, and bemoaning the fact that there is little in most systems that would have stopped it, well you need look no further for culprits then yourselves collectively, as you as a community have simply not demanded it in the products you buy.
Because of the fundamental lack of security in control systems we instead rely on bolt on hardening, and perimeter control. In the face of the metrics coming out about the number of systems infected by Stuxnet, it is obvious that this approach has failed.
No comments:
Post a Comment