Ideasfoundry

about Ukraine Power Outages

Posted in attack, Infosec, Risk by ideasfoundry on January 7, 2016

It's everywhere on the internet now, and these two links came up in my Twitter feed:

http://dmcc.com.ua/uslugi/oblenergo/
http://eknis.net/en/solutions/SCADA-remote-control-systems/

Why do they put so much information on the internet? The same thing happens here as well: pick up any public-sector tender and you will find the OS version, hardware and network infrastructure. It's just stupid.

The best part was:

Telemechanics systems made by the electrotechnical company “Eknis-Ukraine” are based on the ***RTU560 by ABB*** technical device complex. The RTU consists of the following elements:

-    Processor module (560CMG10, 560CMD11 or 560CMU02);
-    Remote signaling module (23BI61, 23BE50 or 23BE23);
-    Remote metering module (23AI60, 23AE23 or 560CVT02);
-    Remote control module (23BA40 or 23BA20);
-    Industrial Ethernet switch, wired modem or wireless router;
-    Micro-server ItekWEB for connecting to electrical meters or irregular substation equipment, controllers of which have interface output.


One nation under CCTV

Posted in Manage, Risk by ideasfoundry on April 21, 2008

I may use it in future (presentation):

The secretive graffiti artist (Banksy) managed to erect three storeys of scaffolding behind a security fence despite being watched by a CCTV camera.
The work, above a Post Office yard in Newman Street near Oxford Circus, shows a small boy, watched by a security guard, painting the words: ‘One nation under CCTV.’


Feeling and reality of Security

Posted in Risk by ideasfoundry on September 9, 2007

While on a flight from B’lore I read the Bruce Schneier paper ‘The Psychology of Security’. He distinguishes the reality of security, which is based on the probability of different risks and the effectiveness of countermeasures, from the feeling of security, which is based on our psychological reaction to both risks and countermeasures. Some notable passages:

‘Security costs money, but it also costs in time, convenience, capabilities, liberties and so on.’

On the response to 9/11: ‘When we didn’t know the magnitude of the attacks or the extent of the plot, grounding every airplane was a perfectly reasonable trade-off to make.’

‘It makes no sense to just look at security in terms of effectiveness. “Is this effective against the threat?” is the wrong question to ask. You need to ask: “Is it a good trade-off?”’

‘There are several specific aspects of the security trade-off that can go wrong. For example:
1. The severity of the risk.
2. The probability of the risk.
3. The magnitude of the costs.
4. How effective the countermeasure is at mitigating the risk.
5. How well disparate risks and costs can be compared.’

‘People underestimate risks they willingly take and overestimate risks in situations they can’t control.’

The table on people and risk perception is very interesting.

The section on ‘Risk and the Brain’ talks about the amygdala, which is responsible for processing base emotions and reacting to threats, and the neocortex, which is intelligent and analytic but slower. Both parts operate in parallel, and it’s hard for the neocortex to contradict the amygdala.

Heuristics (shortcuts, rules of thumb, stereotypes and biases) affect how we think about risks, how we evaluate the probability of future events, how we consider costs, and how we make trade-offs. How we perceive the risk is what causes the feeling of security to diverge from the reality of security. Prospect theory recognises that people have subjective values for gains and losses. The first finding is that a sure gain is preferred to a chance at a greater gain (a bird in the hand is worth two in the bush). The second is that a sure loss is worse than a chance at a greater loss.

Framing effect: People’s choices are affected by how a trade-off is framed. Frame the choice as a gain, and people will tend to be risk averse. But frame the choice as a loss, and people will tend to be risk seeking.

This is quite amazing: ‘And it’s not just that we don’t think bad things can happen to us, we, all things being equal, believe that good outcomes are more probable than bad outcomes. This bias has been repeatedly illustrated in all sorts of experiments.’

In Probability Heuristics: ‘Small numbers matter much more than large numbers. Whether there’s one mango or ten mangos is an important distinction, but whether there are 1000 or 5000 matters less: it’s a lot of mangos, either way. It’s the same joke: “half the time, one quarter of the time, one eighth of the time, almost never.” And whether whatever you’re measuring occurs one time out of ten thousand or one time out of ten million, it’s really just the same: almost never.’

In any decision-making process, easily remembered (available) data are given greater weight than hard-to-remember data. People are persuaded more by a vivid, personal story than by bland statistics and facts, possibly solely because they remember vivid arguments better.

‘…we get a lot of sensory input from the media. That screws up availability, vividness, and salience, and means that heuristics that are based on our senses start to fail.’ Very true, as that’s exactly what is happening.

The ‘mental accounting’ experiment is an excellent one: small costs are often not ‘booked’. Two groups of subjects were asked the same question, would you drive 20 minutes to save $5? In the first case you are buying a jacket for $125 and a calculator for $15, and the same calculator is on sale for $10 at a store 20 minutes’ drive away. In the second case the jacket is $15 and the calculator $125, and the same calculator is on sale for $120 at the other store. 68% of subjects would make the drive to save $5 off the $15 calculator, but only 29% would make the drive to save $5 off the $125 calculator.

The order in which the alternatives are listed also affects the results, and people are more likely to notice evidence that supports a previously held position than evidence that discredits it. All of this relates to security because it demonstrates that we are not adept at making rational security trade-offs, especially in the presence of a lot of ancillary information designed to persuade us one way or another.

Before reading this paper I had the perception that risk management (InfoSec) is still in its infancy, but now I doubt we have even reached infancy!