RE: [smartgrid-discuss] Pricing from the NIST TWIKI

["Larry Lackey" <llackey@tibco.com>]

"Guaranteed" messages with non-repudiation are important, for instance
being used by single enterprises for billions of dollars per year in
purchasing / sales, a situation with some parallels to contracting for
energy.

In other cases, for example, a secure channel, typically SSL/TLS, with
best effort delivery has been "good enough" for other types of messages.

Decisions were made considering the nature of the business relationship
where one size does not fit all, and delivery mode, non-repudiation, and
other options are different dimensions to meet the business
requirements.


-----Original Message-----
From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
Sent: Tuesday, December 30, 2008 11:47 AM
To: Larry Lackey
Cc: Toby Considine; smartgrid-discuss@lists.oasis-open.org
Subject: Re: [smartgrid-discuss] Pricing from the NIST TWIKI

Unfortunately, allowing for this is type of distinction has allowed
"phishing" to become one of the most lucrative attacks for attackers
in the financial industry today.

A bank can choose to send messages to its customers using "best
effort, advisory" messages, or it can send "guaranteed, signed"
messages.  What do you think they do today that allows attackers
to mimic messages on a daily basis about " your account has been
compromised" and to "login and update your credentials"?

If you think that the smartgrid is going to remain impervious to
attackers, think again.  Any time a power-supplier sends out "best
effort, advisory" messages, it will be used to attack consumers and
systems if the attackers can make a buck out of it (and they will
figure out a way to do it).

My recommendation: make *ALL* messages guaranteed and non-repudiable.

This is the only way to assure yourselves that you have a chance of
preventing the kind of mess the financial industry has created for
itself using "best effort, advisory" messages.  There is no guarantee
that "guaranteed, signed" messages will prevent "phishing" attacks
on the smartgrid, but it certainly raises the cost significantly for
attackers - perhaps even enough to completely prevent the attacks
(unless real-world, physical controls are compromised and insiders
collude to game the system).

Arshad Noor
StrongAuth, Inc.

Larry Lackey wrote:
> Messaging standards such as JMS provide different qualities of
service,
> QoS, to meet different business requirements. Both "best effort" and
> "guaranteed" have their place depending upon the situation, for
example:
> 
> Guaranteed in situations where messages have significant legal
> implications and services such as non-repudiation (mentioned below)
are
> appropriate.
> 
> Best effort in advisory type messages.