[R-390] off topic interesting read
Robert Nickels
ranickel at comcast.net
Wed Apr 8 16:10:18 EDT 2009
2002tii wrote:
> Time was when commands to remote equipment of all kinds was carried
> by dedicated circuits, so an intruder first had to physically locate
> and tap into the circuit, then begin to figure out how the commands
> worked. Now, lazy designers blithely use the ubiquitous Internet for
> the comm link, and the first part of the security equation is very
> seriously weakened.
>
>
Having had some involvement in the process control industry,
cybersecurity is a Really Big Deal. The ISA SP-99 standard are focused
on this, you can Google up more than you'll want to read about it.
The old axiom was that a security system is no stronger than the
barriers to physical access. Wires can be tapped - but add the growing
trend toward wireless (what you and I would call by the old fashioned
term "radio") for industrial communications and the plot really
thickens. ISA SP-100 is an evolving standard for industrial wireless -
but it's based on a taxonomy of applications, and even the strongest
advocates don't talk about using it for safety critical purposes. It's
great for non-critical monitoring, but there is interest in doing real
time control via wireless, and the discussions tend to focus on
encryption algorithms, key distribution, ways to guard against
unauthorized intrusion, interception, message replay, and so forth.
But most of these folks don't understand how "radio" really works. I
caused a few frowny faces at one committee meeting where I pointed out
that a strong enough transmitter could put enough ERP on the receiver
inputs of their 802.15.4 silicon radios that nothing would get through.
(To get decent battery life, most of these spread spectrum radios
transmit with 1 to 10 mw of power - that's not much ERP at a few hundred
feet).
Some finally realized that even the most sophisticated algorithm wasn't
much help during an RF-based denial-of-service attack, and that
controlling output devices like pumps, valves, and motors with wireless
could have some unintended consequences.
I think the companies and people involved in these industries are very
conscientious - but they've got to be right all the time - the bad guys
only have to be right once.
73, Bob W9RAN.
More information about the R-390
mailing list