Firewall Wizards mailing list archives
Re: SCADA (or: How I learned to love receiving FWW in digest form)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 17 Apr 2009 18:24:52 -0400
Dotzero wrote:
would Marcus' artist friend agree to a 10% or 20% increase in his utility bills to have "proper security" (however one defines this)?
Wait a minute!! It was properly secure BEFORE. In fact, had to have SPENT MONEY to make it worse. Someone, someplace, put it into a less secure state "to save money" or "for business reasons." What we're seeing is that their cost/benefit analysis was wrong; it didn't save as much as they thought (because they did it wrong!) or, if it recouped enough on the investment, then any additional security expense comes out of that profit/benefit's margin.

Let me belabor that point a bit: security is often seen as a bill that gets presented; a cost of doing business. What they don't understand is that the bill is just interest coming due for when they cut some corners years ago. A break-in or disaster is that interest, compounded.

This is one reason I am (obviously) highly skeptical of many business justifications. They omit to take hidden costs into account and then try to shift/blame someone else for them later. It's very easy to see something as a profitable and desirable activity as long as you only look at the upside.

mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenablesecurity.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards