Let’s follow up our earlier Sci-Tech Newswatch on the Meltdown-Spectre MPU architecture flaw issue. (We see here just how hard it is to create a robust, complex design that can readily be adapted to changes in the environment. Besides, a heads up on a big but under-reported story is helpful.)
In a new Jan 15, 2018 report on Meltdown in The UK’s The Register, we may read:
>>Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.
SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.
Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). “In fairness [this] may be RPC [Remote Procedure Call] change related,” said cybersecurity vulnerability manager Kevin Beaumont . . . .
The expected and well-publicised system slowdown issues from Meltdown and Spectre patches (Reg reports here, here and here) have been accompanied by even more irksome stability problems on some systems. Incompatibility with Microsoft fixes released on January 3 freezes some PCs with AMD chips, as previously reported.
An Ubuntu Linux kernel update prompted by Meltdown caused systems to become unbootable. Patching against CVE-2017-5753, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) affected both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.>>
Let’s keep an eye on this story.
For one, it is looking like software patches are not going to be a good enough long term solution. I am thinking, re-architecting the system design and a new generation of “safe” processors. Perhaps over the next 2 – 3 years?
While we are at it, this is an ID blog. What is this telling us about how hard it is to factor in robustness against future unknown changes and challenges in environmental constraints on systems? Is it plausible for blind processes acting alone to develop high complexity robust systems? END