Headlines about ‘Toxic’ anything are pretty catchy to those of us with process plant background. As a PI geek with security chops, I really wanted to understand Schneier’s idea.
Let’s first refresh with a Wikipedia on terminology. ‘Toxic Asset’ was popularized by the financial sector as a financial asset whose value has fallen to a point there is no longer a functioning market. My home office boneyard is a testament to the notion that there is no longer a functioning market for some of my data records!
Of course the article is really about theft of personal information so the title is a bit of a teaser. Indeed, I’ll agree that ‘data brokers save everything about us they can get their hands on’ and that it’s fairly cheap to do so. I also liked this snip it: Figuring out what isn't worth saving is hard!
That part reminds me of the PI System. You invest a lot in automation systems. You should collect it all in the PI System.
But is that safe? Does OT data go toxic like IT data? When does the value of process data become so low there is no longer a functioning market for it? There are probably a few answers but for the most part it seems to be another case where a traditional IT security model just doesn’t apply all that well to typical OT use cases.
On the other hand, OT systems are always potentially dangerous. Not really because we are storing all the data, but because OT systems are linked to physical control systems they can cause damage when something goes wrong or when abused by a miscreant.
The PI System is designed for monitoring which eliminates the hazard and complexity of control functions. We wanted to emphasize this design factor in our PI Interface and Connector products so you'll notice the read only deployment model is our top recommendation.