[SystemSafety] Safety and effective or not cybersecurity countermeasures (was: IEC 63069, and Cybersecurity in IEC 61508)

Christopher Johnson Christopher.Johnson at glasgow.ac.uk
Wed Jun 5 14:31:05 CEST 2019


I usually tease the companies I work with by arguing that the “air gap” never exists and is usually a source of undue complacency.

I am agreeing with you but warning against complacency.

C

> On 5 Jun 2019, at 14:25, Robert P. Schaefer <rps at mit.edu> wrote:
> 
> 
> Nothing in life is certain (apart from death and taxes) but the air gap narrows the point of access and increases the cost to the attacker.
> 
> I have yet to see anything that addresses “hardware based attacks through the supply chain” that itself isn’t open to attack,
> mainly because of the cost of doing it right.
> 
> It is turtles all the way down.
> 
>> On Jun 5, 2019, at 8:16 AM, Christopher Johnson <Christopher.Johnson at glasgow.ac.uk> wrote:
>> 
>> And not allow in any new devices or replace any old devices that you do not 
>> trust (then define “trust” in the context of nuclear or transport sub-system?).
>> 
>> The “air gap” has proven to be very unreliable (I would not trust it) and it still
>> does little against eg hardware based attacks through the supply chain.
>> 
>> All the best, Chris
>> 
>>> On 5 Jun 2019, at 14:11, Robert P. Schaefer <rps at mit.edu> wrote:
>>> 
>>> 
>>> use a private (detached from the Internet) network that is regularly monitored
>>> 
>>> any/all updates/changes to this private network should be vetted through an intermediate machine that itself
>>> is only, when necessary, attached/de-attached to the public network, and regularly cleaned/erased/rebuilt and monitored. 
>>> 
>>> don’t forget to train the humans who come into contact with the network and the interface
>>> 
>>>> On Jun 5, 2019, at 6:14 AM, Peter Bernard Ladkin <ladkin at causalis.com> wrote:
>>>> 
>>>> 
>>>> 
>>>> On 2019-06-04 22:00 , David MENTRÉ wrote:
>>>>> 
>>>>> Taking as example a software based railway interlocking control device with some networking
>>>>> function. If one cannot assume that through appropriate countermeasures the device is immune to
>>>>> network attacks, then the attacker could probably in the worst case overwrite the original control
>>>>> software and do anything with the device, including producing unsafe outputs like triggering a train
>>>>> collision.
>>>>> 
>>>> Say you are a system integrator, and you have to buy and install such a device. What would you do,
>>>> concretely?
>>>> 
>>>> PBL
>>>> 
>>>> Prof. Peter Bernard Ladkin, Bielefeld, Germany
>>>> MoreInCommon
>>>> Je suis Charlie
>>>> Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> The System Safety Mailing List
>>>> systemsafety at TechFak.Uni-Bielefeld.DE
>>>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
>>> 
>> 
> 

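The update-vetting step proposed earlier in the thread (stage every change on an intermediate machine, check it there, and only then let it cross to the detached network) can be made concrete. The following is an added example and not code from any participant in this thread. It assumes the vendor publishes a SHA256SUMS-style manifest (one `<hex digest>  <filename>` line per file) and that the manifest's own authenticity has already been checked out of band on the vetting host, for instance by verifying a detached signature; the file names, contents and manifest below are constructed sample data so the script runs offline.

```python
"""Allow-list check for files staged on an intermediate (vetting) machine.

Added example, not part of the mailing-list thread. Assumptions: the vendor
ships a SHA256SUMS-style manifest whose authenticity was already verified
out of band; only files named in it, with a matching digest and a plain
filename, may be carried across to the detached network.
"""
import hashlib
import re
from dataclasses import dataclass, field

_HEX64 = re.compile(r"^[0-9a-f]{64}$")
# Plain filenames only: no directory separators, no traversal, no leading dot.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


@dataclass
class VetResult:
    accepted: dict = field(default_factory=dict)   # name -> digest
    rejected: dict = field(default_factory=dict)   # name -> reason
    missing: list = field(default_factory=list)    # in manifest, not staged


def parse_manifest(text: str) -> dict:
    """Parse sha256sum output. Malformed or duplicate entries raise, so a
    damaged manifest fails closed instead of silently allowing fewer files."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        if not _HEX64.match(digest):
            raise ValueError(f"manifest line {lineno}: bad SHA-256 digest")
        if not _SAFE_NAME.match(name):
            raise ValueError(f"manifest line {lineno}: unsafe filename {name!r}")
        if name in entries:
            raise ValueError(f"manifest line {lineno}: duplicate entry {name!r}")
        entries[name] = digest
    return entries


def vet_staged_files(manifest: dict, staged: dict) -> VetResult:
    """Every staged file must be listed in the manifest and hash to the listed
    digest; anything else is rejected with a reason. Files the manifest lists
    but that were not staged are reported too, since a partial delivery is
    itself a reason to stop."""
    result = VetResult()
    for name, data in staged.items():
        if not _SAFE_NAME.match(name):
            result.rejected[name] = "unsafe filename"
            continue
        expected = manifest.get(name)
        if expected is None:
            result.rejected[name] = "not listed in manifest"
            continue
        actual = hashlib.sha256(data).hexdigest()
        if actual != expected:
            result.rejected[name] = f"digest mismatch (got {actual[:12]}...)"
            continue
        result.accepted[name] = actual
    result.missing = sorted(set(manifest) - set(staged))
    return result


# Constructed sample data for an offline run (not real vendor artefacts).
SAMPLE_FIRMWARE = b"interlocking-firmware v4.2 (constructed sample bytes)\n"
SAMPLE_CONFIG = b"route_table=main\ntimeout_ms=250\n"
SAMPLE_MANIFEST = (
    f"{hashlib.sha256(SAMPLE_FIRMWARE).hexdigest()}  ilk-fw-4.2.bin\n"
    f"{hashlib.sha256(SAMPLE_CONFIG).hexdigest()}  ilk-config.txt\n"
    f"{'0' * 64}  ilk-docs.pdf\n"                      # listed but never staged
)
SAMPLE_STAGED = {
    "ilk-fw-4.2.bin": SAMPLE_FIRMWARE,
    "ilk-config.txt": SAMPLE_CONFIG + b"debug=1\n",    # altered after publication
    "autorun.inf": b"[autorun]\nopen=setup.exe\n",      # not in the manifest at all
}


def run_sample() -> VetResult:
    return vet_staged_files(parse_manifest(SAMPLE_MANIFEST), SAMPLE_STAGED)


if __name__ == "__main__":
    r = run_sample()
    for n, d in r.accepted.items():
        print(f"ACCEPT  {n}  {d}")
    for n, why in r.rejected.items():
        print(f"REJECT  {n}  ({why})")
    for n in r.missing:
        print(f"MISSING {n}  (in manifest, not staged)")
```

A passing digest only establishes that the staged file is the one the vendor published; it says nothing about whether that file is safe, which is the point made elsewhere in this thread about supply-chain attacks. The check also depends entirely on the manifest being authentic, so the signature verification assumed above has to happen on the vetting host, not be taken on trust from whatever medium carried the files in.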

