On Thu, 8 Jul 2010, Joe Greco wrote:
There's a happy medium in there somewhere; it's not clear that having (to use the examples given) air traffic control computers directly on the Internet has sufficient value to outweigh the risks. However, it seems that being able to securely gateway appropriate information between the two networks should be manageable, certainly a lot more manageable than the NxM complexity involved if you try to do it by securing each and every Internet-connected ATC PC individually.
What makes you think that isn't exactly what this "Cyber Shield" project is supposed to do?
Because I'm cynical and I know how the real world works, and even if it's supposed to do that, by the time all is said and done, it probably won't.
Heck, what makes you think that's not the way most of these systems already work today?
Because we've all been told by those in the know that there are real vulnerabilities in these systems.
Do people really think the guy in the airport control tower is really surfing Facebook while he's controlling aircraft on the same computer, or that capability is even what is under consideration?
The reality of what's actually going on can be debated pointlessly until we're blue in the face; none of us are in a position to know, I suspect. On the other hand, it takes a few milliseconds to recall an air traffic controller letting his kid land planes. http://tinyurl.com/2dzvooc So let's not be too naive here. Anything you expect can't happen - can and probably will at some point. The point is that we want to forcibly separate networks and technology so that an air traffic controller CANNOT possibly be surfing Facebook on a computer that's being used for critical work. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.