If you compare the software development profession to other professions who may have a direct impact to public safety and critical infrastructure you will notice a major difference. People who impact our daily lives include professionals such electricians, and plumbers. These folks maintain, build, and repair parts of our society that are required to keep our infrastructure running.
Would you feel comfortable moving in near an operating nuclear plant that had been plumbed and wired by a bunch of random folks who learned through trial and error at home to put together such a complex system? Today people live near operating nuclear plants that have been plumbed and wired by licensed experienced professionals, yet all of the control systems and operating systems were written by people who require no training or licensing. Think about the critical importance of the physical control systems in these complex systems such as the vital importance of being able to put water into the reactor to control the heat produced.
If the plumbing wasn’t correct, the reactor could experience catastrophic failure. However, what controls the valves that send that water through the pipes? What controls the operation of the radioactive fuel rods? Computer controls which are run by applications developed by application developers who have not necessarily gone through a licensing program to ensure they are qualified to code the controls for these critical systems.
There was some concern back before the Internet in the days where software could fail and cause an outage or sometimes a more critical situation. Those concerns were about failures though, we weren’t necessarily concerned about the bad guys gaining remote control of our infrastructure with malicious intent.
That is because the infrastructure was not accessible outside of the closed system upon which it ran. The bad guys would have needed to infiltrate the facility physically.
Today we have a different world. We have a fully networked and connected world which eliminates the need to physically break into a facility. The world took the control networks and linked them outside the facility so they could remotely monitor and control the physical infrastructure with less people. Centralized control centers were built that could monitor and control more infrastructures from a single location and using a smaller team of people.
These centralized control systems required connections to locations outside the physical complex and required the infrastructure to be modified to allow remote controls. The benefit is it is far cheaper to monitor and control the system; the down side is we are now susceptible to having a remote attacker seize control of the facility without ever physically visiting the location.
The SCADA (supervisory control and data acquisition) systems were initially designed as closed non-connected systems. They did not have the worry of remote attackers trying to breach them so now that they are connected, many security vulnerabilities are being discovered. What is the solution to make sure the software and systems controlling our critical infrastructure are secure?
Should software developers be licensed and certified prior to permitting them to work on public code? This is a question that has been weighing on my mind of late. I had some work done on my house and to change out my furnace I had to have plumbers, and electricians make some changes all of which were examined by an inspector. Each trade had to be licensed and the inspector then reviewed all of the work performed by those licensed professionals.
I think it is a bit strange that the person installing the sinks in a nuclear power facility has to pass through an apprenticeship and then journeyman program, achieve certifications, pass tests, and get licensed to install those drains, while the people writing the software to control the nuclear fuel rods, and power transmission facilities have no journeyman program, licensing, or certification required to perform their work.
Computer attacks today have the ability to take advantage of coding errors in the control software of some very serious things. Power grids and generation, water distribution, natural gas and oil distribution systems, sewer controls, railroad routing, traffic light control, air traffic control to mention a couple of concerns right off the top of my head.
Yet, despite numerous hacker attacks against critical infrastructure we don’t see our lawmakers raising concerns about ensuring the people writing the control systems for these infrastructures are certified and qualified to perform that type of work to ensure that our vital life sustaining systems remain online, operational, and secure. I would hope that with strong educational support, an apprentice and journeyman program, certification path, and licensing, that the software applications would gain greater security, reliability, and better performance.
We need to start considering software to be the equivalent of plumbing and electrical systems in our society today. Now that my television, refrigerator, and car have become fully networked and attached to the internet the security of these devices is very important. I am not so much concerned about someone seeing what is in my refrigerator, but I would prefer an attacker not be able to activate the brakes in my car while I am driving down the interstate.
The world has become much more complex and interconnected in the last few years and I do not see that slowing down anytime soon. Who is paying attention to the security of these devices as we continue to connect them to the global network community?
My fear is that security is not really a concern by the product people developing these systems and devices. When you add all of the personal devices, people’s homes and vehicles, critical infrastructure like power, fuel, and water, and the myriad of control systems which are all connected to the internet, the world is looking at a potentially significant security problem.
Many of the security holes we patch every month from the major software vendors are actually very simple mistakes made when writing the code. Buffer overflows and improper error handling are probably the most common security issues in applications today.
We the users of these products are expending enormous resources patching or dealing with security fallout regarding these relatively simple errors that should have been avoided when the program was written.