----- Original Message -----
From: "Roland Dobbins" <rdobbins@arbor.net>
The real issue is interconnecting SCADA systems to publicly-routed networks, not the choice of potentially routable space vs. RFC1918 space for SCADA networks, per se. If I've an RFC1918-addressed SCADA network which is interconnected to a publicly-routed- and -accessible network, then an attacker can work to compromise a host on the publicly-accessible network and then jump from there to the RFC1918 SCADA network.
SCADA networks should be hard air-gapped from any other network.

In case you're in charge of one, and you didn't hear that, let me say it again:

*SCADA networks should be hard air-gapped from any other network.*

If you're in administrative control of one, and it's attacked because you didn't follow this rule, and someone dies because of it, I heartily, and perfectly seriously, encourage that you be charged with homicide.

We do it with Professional Engineers; I see no reason we shouldn't expect the same level of responsibility from other types.

Cheers,
-- jra
--
Jay R. Ashworth          Baylink                     jra@baylink.com
Designer                 The Things I Think          RFC 2100
Ashworth & Associates    http://baylink.pitas.com    2000 Land Rover DII
St Petersburg FL USA     http://photo.imageinc.us    +1 727 647 1274