nBlog

On Security and Leadership

::: nBlog :::

After reading the latest editions of Scientific American and Suomen Sotilas I was again enraged to see how some prominent writers are attacking the technological development of Smart Grids and general communications with all kinds of security arguments. At the same time there is no criticism towards the insecurity and obscurity of the existing systems that have been designed in the 70s and 80s. How ostrich is that?

The Stuxnet worm that attacked power plant systems (eg. in Iran) clearly demonstrated that it is actually easier to hack into your local power plant than to your local web enabled bank. Banks are continuously developing their systems in order to defend against cyber attacks, and most of them have succeeded well enough, with service availability levels at 99.9% or better.

In an interconnected world, security is just as important as before. It just needs different kind of engineering, but it is definitively not rocket science. Take IPv6 and IPSEC, developed more than 10 years ago – both offer formidable functions for encrypting data and verifying identities. In a properly engineered IPSEC network, an attacker cannot even know whether his or her malicious packets are arriving at the target – as it stays dead silent unless the attacker has the strongly encrypted key. Getting that key is much more difficult than slipping a USB device inside a power plant. (Yes, that USB device should conform with the same security framework, requiring the encrypted key before being accepted)

So why aren’t IPSEC and IPv6 in widespread use? I think that the reason is the typical (but irrational) resistance to change. When power systems have not been (badly) compromised in 80 years, people gain a dangerously false feeling of security and invent reasons for inaction.

The only way to maintain proper security is to develop systems continuously and embrace new technologies quickly so that security holes in old systems are recognized before they are used by attackers. That just takes bold leadership and ability to grasp large concepts. Clausewitzian thinking, again.

//Pasi

Share on Facebook

Leave a Reply Cancel reply

More to explore

nBlog

Virtual Masters for Appliances – Digital Twins in the House

The vision of homes that anticipate their inhabitants’ needs and adjust to their preferences and daily patterns has been long talked about. At the core

April 12, 2024

nBlog

Educate your customers about full lifecycle management. Now.

In an our current time with sustainability being more than just a buzzword, also consumers should be guided towards making the more responsible choices. Companies

March 27, 2024

nBlog

Right Away Launchable Minimum Viable Products through Digital Twins

Launchable Minimum Viable Products through Digital Twins – The Future of Manufaturing Today Digital Twins, when implemented properly, are reshaping industrial manufacturing by unlocking unprecedented

March 14, 2024

Since our establishment in 2001, BaseN has been a leading provider of our IoT and Digital Twin BaseN Platform, driving digital innovation and creating mission-critical situational awareness for businesses.

Sign up for our newsletter

By clicking “Sign up”, I agree to BaseN’s Privacy Policy.

BaseN® and SPIME® are registered trademarks of BaseN Corporation within the United States and the European Union