Most control systems engineers seem drawn to what are called egg security strategies. An egg has a nice, crisp, esthetically pleasing security system called a shell securing a soft gooey inside with no barriers whatsoever. When this security system is subjected to the planned security stress, being sat upon in the nest, it holds up perfectly. When subjected to unexpected stresses...
Security
Bouncer or Prison Guard?
Today’s Chapel Hill Herald has a front page on the value that bouncers provide to the town’s economy. It’s an amusing article written for a weekend when the Football team has a bye. It also set me to musing on security, and how building systems never seem to get it right.
Let’s contrast two beefy guys, each working in security. One works at the worst prison in the poorest state. One is a bouncer at an upscale night club.
The article discussed the many roles that bouncers around town play. Sure, they stop fights; the better bouncers notice them before they happen and have a quiet word with someone's friend before they get out of hand. They check ages on the students who want to enter the bar. They spend some time just being highly visible. They prevent those already drunk from entering the bar and they escort those who, even if non-violent, have had too many out. They call cabs. In other words, they add value to the bar and restaurant experience for everyone but the troublemakers, and keep the troublemakers from getting into trouble.
When I was in college, it was popular to go clubbing in New York City (still scary in those days). The better discos would always have a line. How did we know they were better—because of the large bouncers keeping people out. Beautiful people and celebrities would go right in; others would wait in lines that never moved. Even the people who waited in line somehow enjoyed the wait more, because they could watch the A-List go in, and returned to Jersey or Peoria with a story to tell.
If we wore tuxes and evening gowns, and arrived as a group with a good balance of men and women, we always got in. It was important, though, to swarm en masse out of the cab or cabs, arms linked and laughing. Somehow, the same effort that got us by the bouncer meant that we were already poised to have a good time, and to enhance the good time of others in the Club. This meant that we always had a better time when we stayed in our college town, and went out scruffy and alone to see who was in a club.
The ignored bouncer enhanced the value of the experience for everyone who entered the club. He did this by being aware of the situation and aware of the business goals of the establishment. He understands that he provides a service that enhances and enables the other services of the establishment.
Contrast this with the prison guard in the lowest penitentiary. He enforces a consistent experience on the inmates. He may prevent that prison from being an absolute hell. He does not have permission to make many choices. No one will claim that the guard enhances their time in prison. If he does not protect the inner sections of the prison, as well as the perimeter, things can get very bad in a hurry. He is a hygiene factor, necessary but not desirable.
Every time I talk security with building systems guys (or with power grid guys), they tell me “Sure we have security.” They use HTTPS so no one can read our messages. They require long complex passwords so no one can get in. They never talk about enhancing the services offered by the building. They never talk about letting the right people do the right things easily.
Embedded system security sounds just like that Prison Guard. The problem is, we need that situation-aware, service-oriented bouncer.
Secure this Building!
There’s an old story told in military circles that illustrates the problems of discussing security. Each of the three forces was told to secure a building. The army arranged for a platoon to set up a perimeter guard around the building. Troops surrounded the building, and let no one out. The Navy sent in the Marines, who took possession of the building, searched it room by room, and set up a guard at all of the entrances so no one could come in. The Air Force contacted a procurement officer, who negotiated a three year lease on the building.
That’s the problem with security. Everyone knows what they mean when they say it, and no one asks what anyone else means.
Proper security is an absolute requirement for modern building control systems. Modern systems have added IP communications, the standard protocol of the internet, and sit on the corporate network. If we are going to allow enterprise programmers, and even tenants, to interact with embedded control systems, security is the key. Security is specified as a requirement in every new construction job.
When I ask for security, though, I never know what I am going to get. I am also pretty sure that I will never be asked. Will I get the Army, the Navy, or the Air Force?
Straining the analogy, I can pretty much assume I will get the Army version. Building systems put in perimeter security; nothing gets in or out. To my mind, perimeter security is the most expensive kind.
Perimeter security is too expensive. The control system costs what it costs. I get some minimum value for that cost. Perimeter security means that I will never get more than that minimal value because I cannot get to the systems and their information. Perimeter Security is too expensive because it is the hard way to accomplish results; if I want the system to talk to no one, it is far cheaper and more secure to cut a door into a wall than it is to lock that door carefully. Perimeter Security is insecure because it is not as secure as no access at all.
Until building systems define higher level functions for network access, any security beyond perimeter security is indefinable. What does secure access to a temperature setting mean? How do I define the proper access for a C-Level executive, for her administrative assistant, and for a building tenant, if all I have is tags and sensor readings, never defined? If those tag readings turn into the lobby thermostat, or the building security schedule, then perhaps we have some way to talk about security.
I want better security. I want to have serious discussions about what better security means. But first, we need to define what is being secured.
Security: the path to service
Security is a business service. Security is not about keeping people out. If keeping people out was all you wanted, it is far easier to let no one in than to guard a door. Security is about providing the right services to the right person at the right time. Security enhances every business service you offer.
Security needs to be aware of the situation, it needs to be aware of identity, and it needs to be aware of role. That is, a secure system always needs to be aware of what is going on, who is trying to do things, and what their role is. A great system should consider delegation as well, i.e., if this person doesn’t have rights, did someone else who does lend them to him?
When each function that can be invoked in a system is aware of these things, then the enterprise is able to offer more services than it could before. A secure organization can extract more value from each of its services and processes. Things cost what they cost, but their value is in how many different ways you can use them. This is particularly true for embedded systems.
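The four checks named above (identity, role, situation, delegation) applied to a single named building service, as an added example that is not from the original post. The policy table, the identities, and service names such as lobby_thermostat.set are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy: role -> named service -> (setpoint range in C, permitted hours).
POLICY = {
    "executive": {"lobby_thermostat.set": ((20.0, 24.0), (time(7, 0), time(19, 0)))},
    "tenant":    {"suite_thermostat.set": ((20.0, 24.0), (time(7, 0), time(19, 0)))},
}
# Constructed identities; the "staff" role deliberately has no rights of its own.
ROLES = {"ceo": "executive", "assistant": "staff", "tenant_a": "tenant"}

@dataclass(frozen=True)
class Delegation:
    grantor: str       # identity lending its rights
    grantee: str       # identity borrowing them
    service: str       # only this named service is lent
    expires: datetime  # the loan lapses after this moment

def _role_allows(role, service, value, when):
    """Role check plus situation check (requested value and time of day)."""
    rule = POLICY.get(role, {}).get(service)
    if rule is None:
        return False
    (low, high), (start, end) = rule
    return low <= value <= high and start <= when.time() <= end

def authorize(identity, service, value, when, roles=ROLES, delegations=()):
    """Return (allowed, reason) for one call to a named building service."""
    role = roles.get(identity)
    if role and _role_allows(role, service, value, when):
        return True, f"{identity} acting as {role}"
    # No rights of their own: did someone who has them lend them?
    for d in delegations:
        if d.grantee == identity and d.service == service and when <= d.expires:
            grantor_role = roles.get(d.grantor)
            # A borrowed right is still bound by the lender's own limits.
            if grantor_role and _role_allows(grantor_role, service, value, when):
                return True, f"{identity} acting for {d.grantor} ({grantor_role})"
    return False, f"{identity} denied {service}"
```

The reason string returned with each decision records whose rights were used, which is what lets delegated actions be reviewed later.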
Imagine the naturist family living in the city. They can barely open the door; the city offers them no value. Now add clothes to that family. They can go out into the town. They can invite others into their home. Their enjoyment of others is increased. If they want to assert their naturism, they can do it with friends, who have already passed the security checks. Life has improved. Security has enhanced amenity.
To harvest the maximum value from its existing procedures, technologies, and information, an enterprise needs to be secure in everything it does. This is what we call pervasive security. But as I illustrated in an earlier post on pervasive time, security that is everywhere is nowhere in particular.
When you have pervasive security across your systems, each one can be exposed to more people. What value would you find in the following systems if you could somehow share them with others:
- Security Enhanced Building Systems
- Third Party Energy Managers
- Discoverable interfaces to home systems
- Grid Operations
Great security will enable you to provide better service. This service will enable you to charge a premium over those who do not. It has little to do, however, with trivial techniques, such as merely using HTTPS for your Web Service. Encryption can be a part of security, but it is not security.
Security is an approach to every aspect of system design that must be built into the architecture, and into each service in that architecture.