Failing gracefully

If you are in the security profession and think that systems must be made secure at any cost, think twice. One would assume that a design making sure the system fails in a secure state (one of the requirements of the Orange Book, ages ago) would be an absolute, but consider the following story (courtesy of Interesting People).

“Thailand’s Finance Minister Suchart Jaovisidha had to be rescued today from
inside his expensive BMW limousine after the onboard computer crashed,
leaving the vehicle immobilized.

Once the computer failed, neither the door locks, power windows nor air
conditioning systems would function, leaving the Minister and his driver
trapped inside the rapidly heating vehicle.”
Obviously the car's systems designer made the decision that when the on-board computer crashes, it should go down in a 'safe' mode. Now the question is what safe means. Doors locked, so that no one can get into the parked car? Or doors unlocked, in case someone is inside? This conflict of priorities nicely illustrates why the frequently seen notion that systems should be 'as secure as possible' is often not grounded in reality. Being smart about designing the type of security that is in line with the purpose of the system, and which does not get in the way of actual use of the product, is in most cases much more important.
