Toerless Eckert <t...@cs.fau.de> writes:

>If you want to get really scared of how outdated security designs are in
>industrial IoT, take a look at this talk:
>
>https://media.ccc.de/v/37c3-11717-why_railway_is_safe_but_not_secure

In defence of rail-control software, when you're dealing with several hundred
tons of metal hurtling along at 300+ km/h then it's understandable that
security ranks a long, long, long way behind safety.  For example French
trains use coded processors in critical systems that store a code alongside
each variable which is updated on each change of the variable and can detect
errors caused by bit flips, data corruption, and other issues.  Although there
are automated tools that claim to generate code to do this, it's traditionally
been done by a very carefully selected group of developers who aren't let out
much and are never given access to sharp objects because of what they might do
with them.  Needless to say, once a system like this is developed, verified,
and certified, it never gets touched again - the software above dates from the
late 1980s and AFAIK is still in use.

Peter.
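
A minimal sketch of the store-a-code-alongside-each-variable idea described in the message above, added here as an illustration; it is not the rail system's code and does not claim to be its actual coding scheme. The multiplier, the signature values and all names are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constant: an odd multiplier, so flipping any single bit of
   the value changes the expected code (arithmetic is modulo 2^32). */
#define CODE_MULT 0x9E3779B1u

typedef struct {
    uint32_t value; /* functional value */
    uint32_t code;  /* check code stored alongside it */
    uint32_t sig;   /* per-variable signature (hypothetical), so a valid
                       value/code pair from another variable is rejected */
} coded_u32;

static uint32_t expected_code(uint32_t value, uint32_t sig) {
    return value * CODE_MULT + sig;
}

/* Every change of the variable updates the code in the same operation. */
void coded_set(coded_u32 *v, uint32_t value) {
    v->value = value;
    v->code = expected_code(value, v->sig);
}

void coded_init(coded_u32 *v, uint32_t sig, uint32_t value) {
    v->sig = sig;
    coded_set(v, value);
}

/* Checked read: returns false when value and code no longer agree. */
bool coded_get(const coded_u32 *v, uint32_t *out) {
    if (v->code != expected_code(v->value, v->sig)) return false;
    *out = v->value;
    return true;
}

/* Fault injection: flip each of the 64 bits of (value, code) in turn and
   count the corruptions that a checked read fails to notice. */
int undetected_single_bit_flips(uint32_t value) {
    int missed = 0;
    for (int bit = 0; bit < 64; bit++) {
        coded_u32 v; uint32_t out;
        coded_init(&v, 0x5A5A0001u, value);
        if (bit < 32) v.value ^= 1u << bit; else v.code ^= 1u << (bit - 32);
        if (coded_get(&v, &out)) missed++;
    }
    return missed;
}

int main(void) {
    printf("undetected flips: %d\n", undetected_single_bit_flips(120u));
    return 0;
}
```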
_______________________________________________
Uta mailing list -- uta@ietf.org