Arguing against using public IP space
Jay Ashworth
jra at baylink.com
Sun Nov 13 23:29:39 UTC 2011
----- Original Message -----
> From: "Roland Dobbins" <rdobbins at arbor.net>
> The real issue is interconnecting SCADA systems to publicly-routed
> networks, not the choice of potentially routable space vs. RFC1918
> space for SCADA networks, per se. If I've an RFC1918-addressed SCADA
> network which is interconnected to a publicly-routed- and -accessible
> network, then an attacker can work to compromise a host on the
> publicly-accessible network and then jump from there to the RFC1918
> SCADA network.
SCADA networks should be hard air-gapped from any other network.
In case you're in charge of one, and you didn't hear that, let me say it again:
*SCADA networks should be hard air-gapped from any other network.*
If you're in administrative control of one, and it's attacked because you
didn't follow this rule, and someone dies because of it, I heartily, and
perfectly seriously, encourage that you be charged with homicide.
We do it with Professional Engineers; I see no reason we shouldn't expect
the same level of responsibility from other types.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
More information about the NANOG
mailing list