-----Original Message----- From: Brandon Ross Sent: Thursday, July 08, 2010 6:52 AM To: Michael Painter Cc: nanog@nanog.org Subject: Re: U.S. Plans Cyber Shield for Utilities, Companies
On Wed, 7 Jul 2010, Michael Painter wrote:
Have we all gone mad? I find it hard to understand that a nuclear power plant, air-traffic control network, or electrical grid would be 'linked' to the Internet in the interest of 'efficiency'. Air gap them all and let them apply for "Inefficiency Relief" from the $100 million relief fund.
Absolutely! For example, those thousands of flight plans filed every day by airlines across the globe, not to mention private flights, should be done manually the old fashioned way, with a paper form and stopping by your local FAA office where a human keys them into the ATC computer. Oh wait, we closed all of those offices when we moved all of those functions to the Internet. I guess we'll just have to re-open them.
I believe the point was in response to: "control systems that were often designed without Internet connectivity or security in mind. Many of those systems-which run everything from subway systems to air-traffic control networks-have since been linked to the Internet" If something was designed without network security "in mind" and then connected to the internet as-is, then yeah, that pretty much is not only "madness" but is just asking for trouble. So I am torn between this being another exercise in treating the symptoms while ignoring the underlying cause and at least having SOMEONE watching the front door if the owners aren't paying any attention themselves. But I would think the cost of the program could be scaled back somewhat if certain basic security practices were mandated prior to the system being installed.