[SCADASEC] Encryption could make you more vulnerable, warn experts
Ralph Mackiewicz
ralph at sisconet.com
Tue Feb 12 10:53:52 CST 2008
> Actually, this is one of the concerns that I've seen expressed
> whenever people discuss AGA-12 (encryption) or IEC-62351 (secure
> authentication). These are lovely standards, but for the fact that
> they don't include key management methods. It's like selling an
> automobile with only three out of the four tires.
That is because there is no consensus on addressing the key management
issue. Updating keys in remote devices is a challenging job while the
technology of encryption and authentication is pretty well proven out
and mostly non-controversial. That is why a consensus-based standard
like IEC 62351 can be written for encryption and authentication. BTW:
IEC 62351 also defines encryption for IP-based IEC TC57 protocols. A
better analogy is like selling an automobile that doesn't allow the
tires to be changed unless you do it yourself with a hand jack and a
hand wrench. You can do it, but nobody wants to do it.
Ralph Mackiewicz