Dear Reader,
I haven’t rewritten any other episode more often than this one. By far!
I started with very different solutions for the user stories “S7 - Remote modification of ECU parameters” and “S8 - Remote ssh login as root”. It took me some time and several rewrites to come up with conceptually similar mitigation options:
- By default, nobody can access the harvester from remote. Remote access is disabled.
- A person must be present on the harvester to allow a time-boxed support session. Remote access is only enabled on demand with the explicit authorisation of a second person.
- A remote support person has access to some special functionality only during a very limited time window.
- The actions of both persons are recorded and possibly monitored.
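As an added example (not code from the episode or from the harvester project it describes), a small Python gate that models the four points above: disabled by default, opened only by an on-site request plus a different second person's authorisation, time-boxed, and every step recorded. The class and method names, the 30-minute window and the injectable clock are assumptions made for illustration.

```python
"""Added example: a time-boxed, two-person-authorised remote support gate."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional
import time

SESSION_SECONDS = 30 * 60  # assumed maximum length of a support window


@dataclass
class SupportGate:
    now: Callable[[], float] = time.time  # clock is injectable for testing
    enabled_until: float = 0.0            # 0.0 means remote access is disabled
    requested_by: Optional[str] = None    # on-site person awaiting approval
    audit: List[str] = field(default_factory=list)  # recorded actions

    def _log(self, event: str) -> None:
        self.audit.append(f"{self.now():.0f} {event}")

    def request(self, on_site_person: str) -> None:
        """The person present on the harvester asks for a window; nothing opens yet."""
        self.requested_by = on_site_person
        self._log(f"REQUEST by {on_site_person}")

    def authorise(self, second_person: str) -> bool:
        """A different second person approves; only then does the window open."""
        if self.requested_by is None or second_person == self.requested_by:
            self._log(f"DENY authorise by {second_person}")
            return False
        self.enabled_until = self.now() + SESSION_SECONDS
        self._log(f"ENABLE by {self.requested_by}+{second_person} "
                  f"until {self.enabled_until:.0f}")
        self.requested_by = None
        return True

    def remote_action(self, support_person: str, action: str) -> bool:
        """Every remote action is checked against the window and recorded."""
        if self.now() >= self.enabled_until:
            self._log(f"DENY {action} by {support_person}: access disabled")
            return False
        self._log(f"ALLOW {action} by {support_person}")
        return True

    def close(self, person: str) -> None:
        """Either person can end the session early; access returns to disabled."""
        self.enabled_until = 0.0
        self._log(f"CLOSE by {person}")
```

The `audit` list stands in for whatever log sink or monitoring the real system uses; the point is that the deny and allow decisions are recorded as well as the authorisations.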
The effort for implementing this concept is fairly low. The EU CRA requires access control anyway. Access control solutions are a dime a dozen. Enabling special functionality or starting a service on demand is definitely not rocket science. And as a bonus, it limits the attack surface.
We can mitigate the violations of many essential requirements with one solution. We should look for such solutions when assessing the user stories for cyber security risks. At this point, it just means rewriting some mitigation options in a document. This is extremely cheap compared to rewriting, retesting and redeploying software.
Enjoy reading,
Burkhard 💜