Cybersecurity disclosures-- the game everybody can play

Nov. 26, 2007
Joe Weiss posted an extremely thought-provoking blog entry this morning on Unfettered. He questions the hacker/cracker cultural meme of disclosing cybersecurity vulnerabilities for the sheer pleasure of doing it. I think Joe's on to something here. We have a serious problem in cybersecurity in control systems...we don't have en...
Joe Weiss posted an extremely thought-provoking blog entry this morning on Unfettered. He questions the hacker/cracker cultural meme of disclosing cybersecurity vulnerabilities for the sheer pleasure of doing it. I think Joe's on to something here. We have a serious problem in cybersecurity in control systems...we don't have enough "cybersecurity experts" who know anything about process control or factory automation. We have a bunch of soi-disant experts who descended on control systems (remember, they're the guys who thought every control system was "SCADA"?) because they saw a big market, and have been spreading FUD ever since. Recently, a Wonderware vulnerability has been disclosed, and the disclosure is making the rounds. Several months ago, an ICONICS vulnerability was disclosed, causing ICONICS significant distress. Why? Well in both cases, the vulnerability was, although accurately described, not dangerous. In the Wonderware case, the vulnerability only applies to a very few customers who are still using a very old, outdated version of Wonderware's software that is so old that it will become "unsupported" at the end of the year. In the ICONICS case, the vulnerability, that generated a huge cyber alert both in Australia and the US, was only on the web demo on the ICONICS website. It would be a good thing if we all started thinking about these issues, and doing our best to discuss these types of vulnerabilities publicly with a clear eye to also disclosing the potential impact. Otherwise, we are reduced to a pack of former 13-year-olds giggling about scrawling metaphorical cyber graffiti, for the pleasure of the game. If we want to be taken seriously by policymakers, rulemakers, and politicians, we need to do better than that.

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...