Arguing against using public IP space

• Previous message (by thread): Arguing against using public IP space
• Next message (by thread): Arguing against using public IP space
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
> From: "Roland Dobbins" <rdobbins at arbor.net>

> The real issue is interconnecting SCADA systems to publicly-routed
> networks, not the choice of potentially routable space vs. RFC1918
> space for SCADA networks, per se. If I've an RFC1918-addressed SCADA
> network which is interconnected to a publicly-routed- and -accessible
> network, then an attacker can work to compromise a host on the
> publicly-accessible network and then jump from there to the RFC1918
> SCADA network.

SCADA networks should be hard air-gapped from any other network.

In case you're in charge of one, and you didn't hear that, let me say it again:

*SCADA networks should he hard air-gapped from any other network.*

If you're in administrative control of one, and it's attacked because you
didn't follow this rule, and someone dies because of it, I heartily, and
perfectly seriously, encourage that you be charged with homicide.

We do it with Professional Engineers; I see no reason we shouldn't expect
the same level of responsibility from other types.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

• Previous message (by thread): Arguing against using public IP space
• Next message (by thread): Arguing against using public IP space
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]