Arguing against using public IP space

Joel jaeggli joelja at bogus.com
Mon Nov 14 02:59:45 UTC 2011


On 11/14/11 10:24 , Joe Greco wrote:
>> Sure, anytime there's an attack or failure on a SCADA network that
>> wouldn't have occurred had it been air-gapped, it's easy for people to
>> knee-jerk a "SCADA networks should be airgapped" response.  But that's
>> not really intelligent commentary unless you carefully consider what
>> risks are associated with air-gapping the network.
> 
> Not to mention that it's not the only way for these things to get
> infected.  Getting fixated on air-gapping is unrealistically ignoring
> the other threats out there.
> 
> There needs to be a whole lot more security work done on SCADA nets.

Stuxnet should provide a fairly illustrative example.

It doesn't really matter how well isolated from direct access it is if
it has a soft gooey center and a willing attacker.

> ... JG





More information about the NANOG mailing list