Hi, thanks for describing scenarios!

On 2022-9-30, at 13:32, Randy Armstrong (OPC) <[email protected]> wrote:
> Scenario 1) A device with a trusted certificate is compromised and starts
> probing other devices in the network in ways that make no sense given its
> role.

This is detectable based on traffic matrix changes, even when all traffic is encrypted.

> Scenario 2) A connection from a device is established using a valid
> certificate that was not assigned to that device.

Certificates are typically tied to the identities of devices in ways that are verifiable.

> Scenario 3) A device is misconfigured and attempts a valid write to a PLC at
> a time when the configuration of the PLC should not be changing.

Could you explain what a PLC is? Also, I don't understand how plaintext traffic would prevent writes at inopportune times?

Thanks,
Lars
