System Complexity and Security Trends

There is an on-going thread concerning system complexity and security trends on the SCADA perspective listserver. In order to maintain the very high reliability required of control systems, they are built on the KISS principle - "Keep It Simple Stupid." System complexity goes against the KISS principle. Consequently, my first observation is the thread is missing "reliability." As systems become more complex, the potential for unanticipated impacts increases significantly. Many of the discussions on the listserver focused on traditional security issues such as authentication and new IT technologies such as "cloud" computing. With new initiatives such as the Smart Grid and fleet asset management, control systems will be exposed to even more complexity. There have been some very significant control system cyber incidents caused as a result of increased system complexity. At least one incident led the shutdown of a nuclear plant. A significant part of the solution is not new technology, but more appropriate security and design policies, procedures, and training.  This is an area that will be discussed in detail at the 2009 Control System Cyber Security Conference to be held the week of October 19th in the Washington DC area.

Joe Weiss