funsec mailing list archives
Re: Securing The Wrong Spaces: A Lesson
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Thu, 21 Feb 2008 08:40:39 -0600
On Thu, Feb 21, 2008 at 1:08 AM, Paul Ferguson <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via techdirt.com. [snip] A brand new Japanese warship that apparently has the country's latest and greatest radar system, was unable to spot a fishing boat in its path, leading to a collision and two missing fishermen. This is raising all sorts of questions about the quality of the radar system, but some are saying that the collision was really due to human error and that the radar system is designed more to watch out for missiles in the air, rather than ships below it. That's a fair enough response, but does point out that vulnerabilities come from all directions -- and you can make the best system in the world, but if it's looking for the wrong thing, it won't stop something bad from getting through. It does seem rather ironic to set this ship up to be the best in the world at spotting threats from the sky -- and forget to include a decent system to find threats right next to it in the sea. [snip] Link: http://techdirt.com/articles/20080219/021718291.shtml There is a great security lesson to be learned here -- if you're focused on securing only a subset of the entire threat landscape, the insecurities will generally occur in the places you're not focusing on.
I can't possibly fathom they would be using the same radar for inbound missile detection as they would for normal maratime navigation. Another case of the reporter not asking the right questions and coming up with the wrong conclusions.. Where the heck was the bridge crew? Blame the guy steering the boat, not the Aegis system. Sure this error may cause the boat to be neutralized, but the topic was critical to the advanced radar system. I supposed they could have turned it on the boat and watch it burst into flames.... :)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Securing The Wrong Spaces: A Lesson Paul Ferguson (Feb 20)
- Re: Securing The Wrong Spaces: A Lesson Dennis Henderson (Feb 21)