When CSL made their statement last Friday, it was noticeable that they didn’t actually claim that any of my report was false. To me, that implies that the content of the report is true.
CSL should be answering questions right now, but are maintaining silence.
If you are a big customer of CSL, I would be asking:
- What encryption methods do your new devices, the Gradeshift and DigiAir, use?
- How often are the keys changed on these devices?
- If there was a serious security issue requiring the firmware to be updated, who pays for it?
- Do these devices have SMS controls? If so, what is the PIN and how do I change it?
- Are any of the device in my estate using the encryption mentioned in the report?
I suspect answers won’t be forthcoming.