Friday, December 03, 2004

Internet Security

Via Drudge.

George Tenet says that we need to tighten up Internet Security to blunt attacks on our infrastructure.

Former CIA Director George J. Tenet yesterday called for new security measures to guard against attacks on the United States that use the Internet, which he called "a potential Achilles' heel."

"I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability," he told an information-technology security conference in Washington, "but ultimately the Wild West must give way to governance and control."
I agree with George about our Internent vulnerability. I disagree that we need more "governance and control" to solve the problem.
The way the Internet was built might be part of the problem, he said. Its open architecture allows Web surfing, but that openness makes the system vulnerable, Mr. Tenet said.

Access to networks like the World Wide Web might need to be limited to those who can show they take security seriously, he said.
What George is saying is that the Inherent Design of the internet is not compatible with infrastructure security. Duh.

What we actually need is less stupidity.

What we need to do is to provide more security for our networked systems. The Internent is not the answer to infrastructure control problems. It is inherently insecure. As a controls engineer I have been arguing this point for at least five years. Well before 9/11.

Wiring up a factory to use the Internet Protocol (IP) for in factory and inter factory control is a stupid idea. Since the IP is well understood using it to destroy a facility would be rather easy. Nothing new to learn except the control settings of the individual factory or company.

Worse is controlling a factory with wireless internet. With that kind of setup you don't have any fire wall between your operations and the outside world. In fact you don't even need to know IP or wireless protocols to cause trouble. All you need is a jammer to bring a factory to its knees. And the jammer need not be on continuously. An intermittent jammer could wreak havoc with sensitive factory processes.

Some current and future aircraft designs are using IP as a communications protocol instead of a custom one. Aircraft. Stupid.

My prescription: all factory intercommunication ought to be done with custom protocols done over hard wires or better yet fiber optic cable. Control functions need to be separated from data collection. Fire walls are essential - several levels of fire wall in fact.

This does not need new Internet rules or governance. It just needs an end to stupidity.

10 comments:

DaveG said...

And excellent documentation! I have no idea what my company would do if I left. They're very dependent on custom software I've developed, but I'm a lazy SOB when it comes to documentation.

Custom protocols would have to be extremely well documented to ensure continuity of business through staffing changes.

Or not. I could be full of it.

Eric said...

That some company might be stupid enough to run crucial operations by means of the Internet is an argument for that company going broke; not for restrictions on the Internet.

The problem is that stupidity by some is increasingly used as an argument for punishing us all.

tweedledeetweedledum said...

This blog is awesome! If you get a chance you may want to visit this office software site, it's pretty awesome too!

jiri said...

Hi, I was searching blogs, and came onto yours fantastic blog.

I have a niche site. It pretty much covers how make money with niche marketing.

Keep it up. I'll check back later im sure.

blogdollar1 said...

Hi, I like your blog!. I have a blog about used camper for sale.
Stop by and check it out sometime at used camper for sale

Julian Silvain said...

I skim a lot of blogs, and so far yours is in the Top 3 of my list of favorites. I'm going to dive in and try my hand at it, so wish me luck.

It'll be in a totally different area than yours (mine is about mens male enhancement reviews) I know, it sounds strange, but it's like anything, once you learn more about it, it's pretty cool. It's mostly about mens male enhancement reviews related articles and subjects.

jon said...

Looking for brinks home security info and perimiter cams I found our site. I agree totally!

lokokid said...

Hi i am totally blown away with the blogs people have created its so much fun to read alot of good info and you have also one of the best blogs !! Have some time check my link to !!Home based business work at home

dad said...

Could any bloggers out there suggest a good site for
articles?

Norma said...

Intro to picture of zoroastrianism