It's kind of like Hydrogen Sulfide gas. Yes, everybody knows it stinks. But
did you know that if you stay in it for any length of time that you
don't smell it any more? Security compromises are like that.
--------------------------------------------------------------------------------
I suspect many of you know me. I'm Jake Brodsky. I write online about
SCADA from the perspective of an asset owner. A lot of people tell me I
write good stuff. Most think I have my head screwed on pretty well.
(If I don't, I would appreciate some guidance on what kind of cranial
rectosis I'm suffering from.) I just call it like I see it. And while
I'm no genius, I am close enough to where the action is so that my
vision, however fuzzy it may be, is hopefully close to the mark.
So you can imagine what happened with the guys who did our first
security audit were thinking. We're going to audit the place where Jake
Brodsky works? Why? He probably has a great set up. ---Well, no.
Actually we don't. Are we better than average? I sure hope so. But
there is always room for improvement.
Actually, even if we were Gifted by God to be the best SCADA Security
specialists there ever were, we'd still need an outside audit. It's
kind of like Hydrogen Sulfide gas. Yes, everybody knows it stinks. But
did you know that if you stay in it for any length of time that you
don't smell it any more? Security compromises are like that. You're
doing business that way for a long time and you forget what kinds of
risks that compromise represents. You may have forgotten to look at
newer ways of moving the information across.
We need a fresh face to point at that little box in a corner and ask
"What's that? --It stinks!" These are things that we've been living
with for so long that we forget about them.
I won't be revealing anything that the audit turns up. But I will try
to share a few broad outlines of what I learn.
That's the way this business works. If you're not learning something
every day, you're going to become a victim of your own ignorance.
Jake Brodsky