Security

Spam & Smart Grid Operations, Privacy & Civil Rights

in , , ,

Spam has changed how we think about email, and automated monitoring and control needs to change how we think about privacy. If you make something very much easier and cheaper, it is no longer what it once was. Smart phones, smart buildings, and smart grids are now at the center of privacy law. Privacy is the ground upon which the battle for the preservation of the 4th amendment will be won or lost.

A serious of court decisions, each looking more to a desired end than to the constitution, are using technology to redefine what “reasonable” means in the 4th amendment to the US Constitution. If we are not careful, smart grids might destroy the last remaining realms...

Read More

Parsimony and Security

in , , ,

I have been thinking about security and parsimony lately. Security is not merely about confidentiality or even identity. It is about predictability and integrity. Challenges to predictability and integrity occur not only malefactors, but from those who develop, test, and maintain systems. Even interoperability is a part of security, introducing new sub-systems, or upgrading old ones, can introduce unanticipated interactions and failures.

Read More

Cybersecurity for smart buildings and the smart grid

in , , ,

Building systems have until now been secured only for interaction between their parts. Schemes such as shared tokens used on open networks serve the purpose of isolating systems from interaction. They do not address the more intriguing security issues of interaction with non-system actors. These non-system actors may be agents from other systems, business process from other companies, or even direct consumer access.

Today’s shared token security schemes are only thinly deployed...

Read More

Pervasive Security and Control Systems

in , , ,
With cybersecurity so much in the news, I found myself in a heated discussion the other day about whether IT should take over SCADA, and in particular SCADA security, or whether it should not. SCADA (System Control And Data Acquisition) refers to the technologies that run large processes. In common use, it refers primarily to the large distribution systems, such as those for electricity, water, and gas. SCADA systems were usually designed to operate with the extreme resource constraints of last generation technology. SCADA systems have traditionally been secured primarily through isolation. Any signal that breached the outer shell was considered trusted.

Read More