Abstract
Simon Foley: This is work that evolved by accident. Last year I started a project on industrial control system security, and by way of educating myself about the kinds of things that can go wrong, I used Shodan to search for an existing Industrial Control System connected to the Internet. I gave my first version of this talk in March 2016, and have given it a couple of times in the interim. Each time I prepared for the talk, I revisited the ICS, and each time its configuration had changed. This talk is what I learned from that experience.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Shodan reported other services available, including PPTP and CWMP, and the reader of this transcript is directed to Sect. 2 of the associated paper for further details. In short, it illustrates that security is not as simple as ensuring that just one objective is met.
- 2.
A cartoon entitled The Professor’s invention for peeling potatoes by Heath Robinson.
- 3.
On being alerted to this issue, the advice was removed from the Manufacturer’s website.
- 4.
The reader of this transcript can find the account of these changes and their security implications in Sect. 4 of the accompanying paper; they provide the tale on how difficult it can be to get multiple security objectives right.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Foley, S.N. (2017). Getting Security Objectives Wrong: A Cautionary Tale of an Industrial Control System (Transcript of Discussion). In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science(), vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-71075-4_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71074-7
Online ISBN: 978-3-319-71075-4
eBook Packages: Computer ScienceComputer Science (R0)