Since last year, I’ve been regularly re-posting almost all of my blog posts on Energy Central. This has been beneficial not just because it brought a lot of new regular readers, but also because I’ve received a lot of very interesting comments, which have led to some great discussions.
This is exactly what happened with this post when I posted it on Energy Central earlier this week. The post contained a line “A transformer or substation could no more be subject to an “Aurora-type” attack than my living room sofa could.” Of course, I chose my living room sofa in that sentence, since I was trying to think of something that would never have a microprocessor, and therefore would never be subject to cyberattack.
Sure as shootin’, Bob Meinetz commented “I recently purchased a $2,300 Bluetooth-compatible sofa with adjustable reclining features. Please advise if there's a possibility Russian operatives could cause it to snap shut while I'm kicking back, watching an episode of "Love Island" - leaving loved ones to find naught but a hand sticking out from the cushions and a half-eaten hot wing on the carpet. That is NOT the way I want to go!”
My reply to Bob was “I think you should consider returning that sofa. It sounds like too much of a risk to me.”
But Bob wasn’t just being light-hearted. He went on to comment “Digital security is absolute where there aren't digital components. I think many underestimate the value of "dumb" safety, of avoiding digital controls completely where possible, of simplifying control systems rather than making them more complex. Complexity is often justified by convenience - and convenience always, always, always comes at a cost in security.”
My dead-serious answer to him was “..there's no question that de-digitalization would increase security. And going back to horses would greatly reduce the number of car accidents. Is it likely that either one will happen soon?”
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. Nor are they shared by the National Technology and Information Administration’s Software Component Transparency Initiative, for which I volunteer. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.