Wednesday, March 19, 2014

Ralph Langner's Seen the Future and It's Analog

Ralph Langner is one of the foremost experts we have on the security of critical infrastructure. So, generally, when Ralph says something – whether it's about Stuxnet, cyberwar or the security of nuclear power plants – folks listen.

And these days, Ralph is wondering, out loud, whether our reliance on digital systems to manage critical infrastructure has gone too far. The answer, he suggests, may be to go “back to the future,” as it were: reintroducing analog systems into the control process chain as a backstop for cyber attacks.

Case in point: the Department of Homeland Security’s ICS-CERT warned on Friday that firmware for Siemens SIMATIC S7-1500 CPUs (Central Processing Units) contains nine vulnerabilities that could enable attacks such as cross-site request forgery, cross-site scripting and URL redirection. (Siemens has issued a firmware update that patches the holes.)

Langner is among the world’s foremost experts on control systems security. He was among the first to suggest (publicly) that the Stuxnet worm was a targeted, nation-backed attack on Iran’s nuclear enrichment program.

Writing on Saturday, he said that the critical infrastructure sector is in a headlong rush to replace aging, analog control system infrastructure with modern, digital systems. Software-based control infrastructure, he notes, offers many advantages – flexibility, the possibility of remote operation and management, and access to a much larger pool of talent and expertise. Engineers who understand and can manage analog systems are, after all, a dying breed – literally.
