Educause Security Discussion mailing list archives
Re: potential security issues with embedded systems?
From: Jere Retzer <retzerj () OHSU EDU>
Date: Thu, 11 Dec 2003 17:03:40 -0800
H. Morrow Long wrote:
Many of these systems are used for monitoring temperature, off/on
status and other sensor output -- but they can often also be used to control the device under monitoring/management as well.
While these devices used to be on proprietary networks in the past, or
even just on closed systems with RS232/422/etc, now they are often on IP-based Ethernets (and many enterprises may possibly use their regular enterprise network to connect these devices for ease of access....). Correct, and while I don't wish to be alarmist engineers from the realtime community typically don't have our perspective on the hazards of modern networks. I read in an article recently on a publication on realtime control systems that said it was not necessary for the OS to support encryption because it would "typically be installed behind a firewall." Those on this list are probably mostly well, and painfully aware that firewalls, while necessary in many cases are becoming more and more ineffective with the growth of laptops, wireless nets, encrypted tunnels, the growing tendency to connect everything via port 80, etc ... To stir things up a bit more, a few years ago I worked for a company that integrated realtime control systems for electric power utilities -- it was the rage at the time to use TCP/IP over Ethernet and even integrate on the corporate network. If that is not enough, those of us in healthcare also deal with patient monitoring and life support systems, although my experience is that the clinical engineering community has, or at least had when I last worked with them a healthy level of paranoia. Jere Retzer, OHSU ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- potential security issues with embedded systems? Kyle Barger (Dec 11)
- <Possible follow-ups>
- Re: potential security issues with embedded systems? Paul Russell (Dec 11)
- Re: potential security issues with embedded systems? H. Morrow Long (Dec 11)
- Re: potential security issues with embedded systems? Gary Flynn (Dec 11)
- Re: potential security issues with embedded systems? Scott Bradner (Dec 11)
- Re: potential security issues with embedded systems? Cal Frye (Dec 11)
- Re: potential security issues with embedded systems? Jere Retzer (Dec 11)
- Re: potential security issues with embedded systems? Randy Marchany (Dec 11)
- Re: potential security issues with embedded systems? Jack Suess (Dec 11)
- Re: potential security issues with embedded systems? Dewitt Latimer (Dec 12)
- Re: potential security issues with embedded systems? Scott Bradner (Dec 12)
- Re: potential security issues with embedded systems? Don Westlight (Dec 12)
- Re: potential security issues with embedded systems? Tom Jackson (Dec 12)