[SCADASEC] IBM is offering 'SCADA security best practices'...

Matthew Franz mdfranz at gmail.com
Fri Feb 8 13:25:29 CST 2008


>
> > If they are still using non-IP, then
> > what is the problem?
>
> I don't want to put words in your mouth but are you implying "security
> by obscurity"?
>

I should have been clearer: the problem I was referring to was not the
security problem but all the animus towards "IT" solution providers,
which, as we both know, aren't interested in the legacy device/protocol
issue. And if they aren't offering a solution, why do folks in this
community feel so threatened? That was the "problem", not a security
problem.

When I was at Cisco, I was the one that got the company involved in
AGA-12, before passing it on to Andrew Wright, who ended up writing the
reference implementation and spending *years* on the project. But this
was a research/standards/charity effort on the part of Cisco, never
about adding the features or selling it in Cisco gear.

It's not about obscurity; it's about relative risk based on access,
connectivity, availability of attacker tools, and the knowledge required among
an attacker community. It doesn't make it more secure, but it does
affect the risk equation IMHO.

It's like moving your SSH server on an Internet *NIX box to port 502
(or something other than 22): you might not be "more secure" (whatever
that even means), but you will definitely get fewer probes, connection
requests, and brute force login attempts, and this would help you against
an SSH worm that's on the IANA registered port. It buys you something
against some attackers. And I think the same is true for proprietary
protocols or non-Ethernet communication. Security is not an all or
nothing proposition.

- mdf
