Friday, December 03, 2004

Internet Security

Via Drudge.

George Tenet says that we need to tighten up Internet Security to blunt attacks on our infrastructure.

Former CIA Director George J. Tenet yesterday called for new security measures to guard against attacks on the United States that use the Internet, which he called "a potential Achilles' heel."

"I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability," he told an information-technology security conference in Washington, "but ultimately the Wild West must give way to governance and control."
I agree with George about our Internent vulnerability. I disagree that we need more "governance and control" to solve the problem.
The way the Internet was built might be part of the problem, he said. Its open architecture allows Web surfing, but that openness makes the system vulnerable, Mr. Tenet said.

Access to networks like the World Wide Web might need to be limited to those who can show they take security seriously, he said.
What George is saying is that the Inherent Design of the internet is not compatible with infrastructure security. Duh.

What we actually need is less stupidity.

What we need to do is to provide more security for our networked systems. The Internent is not the answer to infrastructure control problems. It is inherently insecure. As a controls engineer I have been arguing this point for at least five years. Well before 9/11.

Wiring up a factory to use the Internet Protocol (IP) for in factory and inter factory control is a stupid idea. Since the IP is well understood using it to destroy a facility would be rather easy. Nothing new to learn except the control settings of the individual factory or company.

Worse is controlling a factory with wireless internet. With that kind of setup you don't have any fire wall between your operations and the outside world. In fact you don't even need to know IP or wireless protocols to cause trouble. All you need is a jammer to bring a factory to its knees. And the jammer need not be on continuously. An intermittent jammer could wreak havoc with sensitive factory processes.

Some current and future aircraft designs are using IP as a communications protocol instead of a custom one. Aircraft. Stupid.

My prescription: all factory intercommunication ought to be done with custom protocols done over hard wires or better yet fiber optic cable. Control functions need to be separated from data collection. Fire walls are essential - several levels of fire wall in fact.

This does not need new Internet rules or governance. It just needs an end to stupidity.

2 comments:

DaveG said...

And excellent documentation! I have no idea what my company would do if I left. They're very dependent on custom software I've developed, but I'm a lazy SOB when it comes to documentation.

Custom protocols would have to be extremely well documented to ensure continuity of business through staffing changes.

Or not. I could be full of it.

Eric said...

That some company might be stupid enough to run crucial operations by means of the Internet is an argument for that company going broke; not for restrictions on the Internet.

The problem is that stupidity by some is increasingly used as an argument for punishing us all.