U.S. Plans Cyber Shield for Utilities, Companies

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jul 8 14:12:23 UTC 2010


On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said:

> I find it hard to understand that a nuclear power plant, air-traffic control
> network, or electrical grid would be 'linked' to the Internet in the interest
> of 'efficiency'.  Air gap them all and let them apply for "Inefficiency Relief"
> from the $100 million relief fund. 

OK, so you airgap the whole thing, and apply for "Inefficiency Relief" to help
pay for those 2,397 separate dark fiber dedicated links you need to contact
your 2,397 remote sensing stations and control points. And of course, since you
end up burning a *lot* of dark fiber pairs when every utility starts doing
that, the provider gets to go back and put a whole lot more 96-pair or whatever
alongside the previous bundle, driving prices back up after our long-term fiber
glut.

And then you discover that your actual network reliability goes *down*, because
getting your provider to troubleshoot your measly 64K channel is a pain and
takes a long time to get results - whereas if you went commodity Internet your
packets are now mixed in with everybody else's on a important 10GE link.  Sure,
that 10GE link may be just 2 fibers over in the same bundle - but guess which
one will probably be spliced first after the backhoe hits? (Plus of course, if
37 of those 2,397 links were in the bundle, it's going to take 37 splices to
get you 100% back up, instead of just one splice....)

What's the going rate these days that you have to pay to make sure your fiber
gets spliced first rather than that other customer's 10GE?  And what's it
cost to do it for all 2,397 links?  And if your electrical-grid fiber is
in the same cable as the other customer's ATC cable, who gets spliced first?

If you have a single point of failure in your design, you really want to
make sure that the point is heavily fate-shared with enough other customers
that the provider will feel *really* motivated to fix your problem. ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100708/3e27b7f6/attachment.sig>


More information about the NANOG mailing list