U.S. Plans Cyber Shield for Utilities, Companies

Joe Greco jgreco at ns.sol.net
Thu Jul 8 09:06:47 CDT 2010

> On Wed, 7 Jul 2010, Michael Painter wrote:
> > Have we all gone mad?
> > I find it hard to understand that a nuclear power plant, air-traffic control 
> > network, or electrical grid would be 'linked' to the Internet in the interest 
> > of 'efficiency'.  Air gap them all and let them apply for "Inefficiency 
> > Relief" from the $100 million relief fund.
> Absolutely!  For example, those thousands of flight plans filed every day 
> by airlines across the globe, not to mention private flights, should be 
> done manually the old fashioned way, with a paper form and stopping by 
> your local FAA office where a human keys them into the ATC computer.  Oh 
> wait, we closed all of those offices when we moved all of those functions 
> to the Internet.  I guess we'll just have to re-open them.
> And flight tracking data that airlines and freight companies use to track 
> their aircraft, yea, let's cut those off too.  If they want to know where 
> their plane is, just have them call the FAA.  Surely the government can 
> staff some huge call centers to handle the load of each airline calling 
> about each flight every few minutes.
> Heck, removing all of these functions from the Internet will create jobs, 
> too, right?  And no one would mind paying for all of this out of their 
> airline tickets, it should only increase fares by a third or so.

There's a happy medium in there somewhere; it's not clear that having (to
use the examples given) air traffic control computers directly on the
Internet has sufficient value to outweigh the risks.  However, it seems
that being able to securely gateway appropriate information between the 
two networks should be manageable, certainly a lot more manageable than
the NxM complexity involved if you try to do it by securing each and
every Internet-connected ATC PC individually.

It sucks in some ways, but providing a limited number of pathways in that
are under tight, secure control is a desirable goal.  If you give the PC
that allows control of the power grid access to the Internet so that the
operator can "efficiently" update his Facebook while he's simultaneously
controlling the power grid, that's hazardous, and no amount of snide
remarks about job creation will change that reality.

These networks ought to be air gapped to the maximum reasonable extent
possible; all pathways in ought to be defended as though they were the
gateway to the kingdom.

... JG
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

More information about the NANOG mailing list