Driving on the road is risky in the physical world. The worst consequence is fatality. There are life-saving measures like air bag, seat belt in the vehicle. As a driver, how do you ensure these measures will work when needed?

No, we can’t but to trust these safety measures will work per design. At most these are checked during vehicle maintenance but no guarantee they work without actually activating the trigger.

Similarly a data exchange link is purposely built to convert TCP with DPI (Deep Packet Inspection) to serial communication in getting around the so-called vulnerable routable protocol in a lock down (both physical & cyber aspect) environment.

Assessment of this communication link appears reasonable to verify properly configured but extending the scope to its surrounding systems how well they are secure will be excessive, overkill and waste of resources.

There are many things we must trust based on our instinct and exercise professional judgment. Otherwise, there is no need to have industry standard. Every minute details have to validate again and again. Human risk, especially incompetent cybersecurity practitioners, remains the top threat in an organization.

Leave a Reply