
> Yes, building a safe airplane is doable. It didn't start out that way.

And now only FAA/EASA etc. certified companies and individuals can build a commercial aircraft.

And they can only build the aircraft they are certified to, using the same certified components, and the same certified tools. They cannot change any aspect of the construction without another round with the authorities.

Let me know when the CIOs of listed companies are up for that kind of lifestyle for their email and word processors.




> Let me know when the CIOs of listed companies are up for that kind of lifestyle for their email and word processors.

I think you're absolutely right that this kind of rigidity is not part of our tech culture, but maybe it should be if that tech is running power grids, [oil] pipelines, and other critical infrastructure.

In summary - maybe we should spend more money so that we get systems which are reliable and resistant to this kind of attack. (_I_ think that's probably a good investment for power/transit/core network/safety systems)


"this kind of rigidity is not part of our tech culture"

Yes and no. "No" because there are best practices and bits of middleware that, although they may still get improvement over time, receive nevertheless fewer and fewer changes (and have a logarithmic-looking dynamic of development). They mature. Advising strongly things that passed the test of time and broad use scrutiny just makes sense, regardless if that may look "rigid". (Not that many implement their own double linked lists nowadays.) Then "yes" because our "tech culture" pool is big enough to also accommodate fashion, hype, and a whole lot of other psychosocial cans of worms...


"And they can only build the aircraft they are certified to, using the same certified components, and the same certified tools."

And that level of rigor is appropriate for the stakes that selling mass produced commercial aircraft implies. The discussion context was critical systems. But then you threw "word processors" in there. Why?


Because word processor documents have often been the vectors for attacks. And once an attack is inside your systems, there is nothing preventing the attack attached to a document from infecting and encrypting your machine or infecting your PLC and destroying your industrial equipment.


I'd say that the surface of attack here is the industrial equipment's link to general computing equipment (which is expected to be less secure). The solution just can't be to secure the whole world of software that may somehow end up on general use computers. The point is, my remark is still valid, as a discussion on critical systems got mixed with clearly non-critical ones.


Ok, so I shouldn't have confused the issue by mentioning Stuxnet.

The point is, failing to secure those general use computers has bad consequences.


I don't think you confused the issue there at all, but forced a clarification of boundaries. The safety critical PLC industrial controller network should be isolated from the Net; however, even with the pipeline hack, the shutdown of the PLC network was due to compromise of billing systems, which are non-safety critical to the immediate user population (administration) but mission critical to the architecture of the western, market-mediated economic activity. You can't secure those systems perfectly, though we can definitely do better. The correct response, however, in this case is effective deterrence of those looking to engage in cyber offensives. Like it or not, when you can sit back outside the reach of effective enforcement measures, and cause mayhem and havoc, and make a buck doing it, financial incentivization mechanisms pretty much ensure it will happen.

I just hope we don't take it too far. Many young and talented people in the CS and IT space cut their teeth testing the limits of legitimate access without pushing into the full on destructive regime these attackers have.

I'd hate to see things cracked down on so hard we lose a good signal for talent because we decide that the integrity of cyber systems must be defended at all costs. However, there needs to be a much more pronounced reaction to the types of blatantly malicious activity that have been escalating for the past decade or so.


Certification/regulation is something orthogonal to the design methods used.


I disagree, mandated certification ensures that the budget required for certain design (and testing) methods is available.

And it's precisely those methods that keep the planes in the sky.

It's not orthogonal, it's a necessary prerequisite.


Dual path systems came first. Regulation came much later, it wasn't a prerequisite. Regulation didn't design airplanes, it standardized existing practice.



