funsec mailing list archives

Re: Securing The Wrong Spaces: A Lesson

From: "Dennis Henderson" <hendomatic () gmail com>
Date: Thu, 21 Feb 2008 08:40:39 -0600

On Thu, Feb 21, 2008 at 1:08 AM, Paul Ferguson <fergdawg () netzero net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via techdirt.com.

[snip]

A brand new Japanese warship that apparently has the country's latest and
greatest radar system, was unable to spot a fishing boat in its path,
leading to a collision and two missing fishermen. This is raising all
sorts
of questions about the quality of the radar system, but some are saying
that the collision was really due to human error and that the radar system
is designed more to watch out for missiles in the air, rather than ships
below it.

That's a fair enough response, but does point out that vulnerabilities
come
from all directions -- and you can make the best system in the world, but
if it's looking for the wrong thing, it won't stop something bad from
getting through. It does seem rather ironic to set this ship up to be the
best in the world at spotting threats from the sky -- and forget to
include
a decent system to find threats right next to it in the sea.

[snip]

Link:
http://techdirt.com/articles/20080219/021718291.shtml

There is a great security lesson to be learned here -- if you're
focused on securing only a subset of the entire threat landscape,
the insecurities will generally occur in the places you're not
focusing on.

I  can't possibly fathom they would be using the same radar for inbound
missile detection as they would for normal maratime navigation.

Another case of the reporter not asking the right questions and  coming up
with the wrong conclusions..

Where the heck was the bridge crew?

Blame the guy steering the boat, not the Aegis system. Sure this error  may
cause the boat to be neutralized, but the topic was critical to the advanced
radar system. I supposed they could have turned it on the boat and watch it
burst into flames....

:)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Securing The Wrong Spaces: A Lesson Paul Ferguson (Feb 20)
- Re: Securing The Wrong Spaces: A Lesson Dennis Henderson (Feb 21)