Firewall Wizards mailing list archives

Re: SCADA


From: Brian Loe <knobdy () gmail com>
Date: Wed, 15 Apr 2009 16:49:06 -0500

On Wed, Apr 15, 2009 at 4:11 PM, Bill McGee (bam) <bam () cisco com> wrote:
> And what, exactly, is 'reliable'? The only reasonable definition I can think
> of is one that hasn't been broken into 'YET'. Like has been said before,
> unless you disassemble your machine, embed it into a cement and glass
> matrix, and dump it in the ocean, there is no such thing as 'secure' - and
> even then... Everything else involves degrees of risk balanced with the need
> to actually conduct business.
>
> In spite of what some of the purists on this list might imply, security is a
> trade-off, and every naive administrator believes his/her network to be
> 'secure' until it isn't. The rest of us manage risk and try our best to
> reduce the cost of risk to a level below the value of the business being
> conducted. Our job as security professionals is to help organizations reduce
> that risk as much as possible. Anyone selling anything else is hawking snake
> oil.
>
> Bill McGee

Seems we've gotten off on a tangent. The question is, do you connect
your SCADA network to your corporate network and therefore the
Internet. The answer was and is, IMO, NO!!!

I really DON'T have to update the Windows 95 boxes running on the
SCADA network. They are currently as secure as they ever will be. The
ability for someone or something to attack them has been mitigated as
much as can be for them to still do the job they are assigned.

And that's a fine point: "the job they are assigned" - not the job
they are assigned, and allow the lazy plant manager to monitor things
from his house in the morning; and allow engineering to not have to
cross the street to update a view or PLC and etc., etc.