Tuesday, February 10, 2015

Discussion of SCADA and Multitenant Environments

Here's a reminder that a technical control failure can be driven by management/administrative and/or governance failures. Recently, a conversation focused on multitenant environments handling very different data types and sensitivities.

I would not put SCADA/PLC power distribution control systems on the same physical frame as consumer payment processing or anything else externally accessible. It's not simply a matter of whether the system can be secured. It's a matter of who is ultimately responsible for the security of the system. The security of the system is going to be hard enough. If there is confusion as to who is responsible for system security, then you significantly increase the likelihood of control failures from system drift over time.