Firewall Wizards mailing list archives
Re: SCADA
From: Brian Loe <knobdy () gmail com>
Date: Wed, 15 Apr 2009 16:49:06 -0500
On Wed, Apr 15, 2009 at 4:11 PM, Bill McGee (bam) <bam () cisco com> wrote:
And what, exactly, is 'reliable'? The only reasonable definition I can think of is one that hasn't been broken into 'YET'. Like has been said before, unless you disassemble your machine, embed it into a cement and glass matrix, and dump it in the ocean, there is no such thing as 'secure' - and even then... Everything else involves degrees of risk balanced with the need to actually conduct business. In spite of what some of the purists on this list might imply, security is a trade-off, and every naive administrator believes his/her network to be 'secure' until it isn't. The rest of us manage risk and try our best to reduce the cost of risk to a level below the value of the business being conducted. Our job as security professionals is to help organizations reduce that risk as much as possible. Anyone selling anything else is hawking snake oil. Bill McGee
Seems we've gotten off on a tangent. The question is, do you connect your SCADA network to your corporate network and therefore the Internet. The answer was and is, IMO, NO!!! I really DON'T have to update the Windows 95 boxes running on the SCADA network. They are currently as secure as they ever will be. The ability for someone or something to attack them has been mitigated as much as can be for them to still do the job they are assigned. And that's a fine point: "the job they are assigned" - not the job they are assigned, and allow the lazy plant manager to monitor things from his house in the morning; and allow engineering to not have to cross the street to update a view or PLC and etc., etc.. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SCADA, (continued)