U.S. Plans Cyber Shield for Utilities, Companies

Thu Jul 8 17:13:25 UTC 2010

> -----Original Message-----
> From: Brandon Ross
> Sent: Thursday, July 08, 2010 6:52 AM
> To: Michael Painter
> Cc: nanog at nanog.org
> Subject: Re: U.S. Plans Cyber Shield for Utilities, Companies
> 
> On Wed, 7 Jul 2010, Michael Painter wrote:
> 
> > Have we all gone mad?
> > I find it hard to understand that a nuclear power plant, air-traffic
> control
> > network, or electrical grid would be 'linked' to the Internet in the
> interest
> > of 'efficiency'.  Air gap them all and let them apply for
> "Inefficiency
> > Relief" from the $100 million relief fund.
> 
> Absolutely!  For example, those thousands of flight plans filed every
> day
> by airlines across the globe, not to mention private flights, should
be
> done manually the old fashioned way, with a paper form and stopping by
> your local FAA office where a human keys them into the ATC computer.
> Oh
> wait, we closed all of those offices when we moved all of those
> functions
> to the Internet.  I guess we'll just have to re-open them.

I believe the point was in response to:

"control systems that were often designed without Internet connectivity
or security in mind. Many of those systems-which run everything from
subway systems to air-traffic control networks-have since been linked to
the Internet"

If something was designed without network security "in mind" and then
connected to the internet as-is, then yeah, that pretty much is not only
"madness" but is just asking for trouble. So I am torn between this
being another exercise in treating the symptoms while ignoring the
underlying cause and at least having SOMEONE watching the front door if
the owners aren't paying any attention themselves.  But I would think
the cost of the program could be scaled back somewhat if certain basic
security practices were mandated prior to the system being installed. 