<div dir="auto"><div dir="auto"></div><span style="font-family:sans-serif;font-size:12.8px">The only possible issue depends on whether you view FPGAs as computerised or not given their programmability. And as you know, some regulatory domains would treat FPGAs as a computerised system</span><div dir="auto" style="font-family:sans-serif;font-size:12.8px"><br></div><div dir="auto" style="font-family:sans-serif;font-size:12.8px">Regards</div><div dir="auto" style="font-family:sans-serif;font-size:12.8px">Fred</div><div dir="auto" style="font-family:sans-serif;font-size:12.8px">(My views, not those of my employer)</div><div dir="auto" style="font-family:sans-serif;font-size:12.8px"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 19 Jun 2020, 18:56 Peter Bishop, <<a href="mailto:pgb@adelard.com" target="_blank" rel="noreferrer">pgb@adelard.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p>I seem to recall some analysis that showed air-gaps were very
difficult to achieve/maintain.</p>
<p>Perhaps a non-computerised safety-critical system is one way to
prevent interference<br>
Not so difficult these days with FPGAs and ASICs. <br>
</p>
<p>Peter<br>
</p>
<div>On 19/06/2020 03:20, Les Chambers
wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
recently had cause to research current vulnerabilities in
our
Internet security regimes. I uncovered some mind blowing
stuff particularly
relating to man in the middle attacks and how easy it is,
firstly on local area
networks and secondly in transport layer security where I
thought we were safe.
If you want to be really afraid just Google 'SSL strip'. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Security
experts seem to have given up on LAN security because
of the massive rollout of firmware in network cards. That
code was written when
security wasn't an issue. And it's everywhere. And it will
not be fixed. Ever.
Wireless nets are another very sad story. Easily breakable
from a range of 800
metres with the right antennas and equipment. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I'm
sure better minds than mine are trying to fix these problems
with various security wrapper strategies but I was amazed to
find that the
problems havn't been solved. Maybe it's because we have too
many engineering
minds working and not enough criminal minds. There is a
difference I'm told by
a Professor of computer science.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">You
may have noticed that the keys are getting longer. I'm
advised that this is not because computers are getting
faster. It's just that
the math is getting better. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">So,
like coronavirus there may never be a cure. We must all just
suffer.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">So
if you've got a safety critical system your only option is
AIR GAP. And I'm sure there is someone out there who would
give me an argument
on that.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Enjoy
your day.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Cheers<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Les<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US"> systemsafety
[<a href="mailto:systemsafety-bounces@lists.techfak.uni-bielefeld.de" rel="noreferrer noreferrer" target="_blank">mailto:systemsafety-bounces@lists.techfak.uni-bielefeld.de</a>] <b>On
Behalf Of </b>Martyn
Thomas<br>
<b>Sent:</b> Thursday, June 18, 2020 6:22 PM<br>
<b>To:</b> <a href="mailto:systemsafety@lists.techfak.uni-bielefeld.de" rel="noreferrer noreferrer" target="_blank">systemsafety@lists.techfak.uni-bielefeld.de</a><br>
<b>Subject:</b> Re: [SystemSafety] "Ripple20
vulnerabilities will haunt
the IoT landscape for years to come"<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p>From the description<a href="https://www.zdnet.com/article/ripple20-vulnerabilities-will-haunt-the-iot-landscape-for-years-to-come/" rel="noreferrer noreferrer" target="_blank">
in the linked article</a>, the three most serious
vulnerabilities seem to be
buffer overflows. Such errors are easily avoidable but new
vulnerabilities will
continue to be built into products until programmers change
the way they write
and verify software. <u></u><u></u></p>
<p>Thousands of development teams have incorporated these
library routines in
their products and, unsurprisingly, failed to find the
vulnerabilities in their
testing. Yet today, thousands of development teams will
continue to resist
using better methods, tools and languages.<u></u><u></u></p>
<p>As Tony Hoare wrote decades ago: ‘In any respectable branch
of engineering,
failure to observe such elementary precautions would have long
been against the
law.’<u></u><u></u></p>
<p>Martyn<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
The System Safety Mailing List
<a href="mailto:systemsafety@TechFak.Uni-Bielefeld.DE" rel="noreferrer noreferrer" target="_blank">systemsafety@TechFak.Uni-Bielefeld.DE</a>
Manage your subscription: <a href="https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety" rel="noreferrer noreferrer" target="_blank">https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety</a></pre>
</blockquote>
<pre cols="72">--
Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Road, London N1 7UX
Email: <a href="mailto:pgb@adelard.com" rel="noreferrer noreferrer" target="_blank">pgb@adelard.com</a>
Tel: +44-(0)20-7832 5850
Registered office: 5th Floor, Ashford Commercial Quarter, 1 Dover Place, Ashford, Kent TN23 1FB
Registered in England & Wales no. OC 304551. VAT no. 454 489808
This e-mail, and any attachments, is confidential and for the use of
the addressee only. If you are not the intended recipient, please
telephone 020 7832 5850. We do not accept legal responsibility for
this e-mail or any viruses.</pre>
</div>
_______________________________________________<br>
The System Safety Mailing List<br>
<a href="mailto:systemsafety@TechFak.Uni-Bielefeld.DE" rel="noreferrer noreferrer" target="_blank">systemsafety@TechFak.Uni-Bielefeld.DE</a><br>
Manage your subscription: <a href="https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety</a></blockquote></div></div>