Re: airgap / negligent homicide charge
The determination of whether a failure rises to the level of negligent homicide will require a review of industry standards, company standards and sometimes straight common-sence. If the industry standard is airgap re security you are probably okay so long as you review and address the very concerns and questions you are raising in a responsible fashion that does not rely solely on expediency, cost, etc., but looks to real-world scenarios and emergency / backup procedures, equipment, testing and training. Mickey Fox CMK Consulting Services On Nov 14, 2011 9:00 AM, <nanog-request@nanog.org> wrote:
Send NANOG mailing list submissions to nanog@nanog.org
To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-request@nanog.org
You can reach the person managing the list at nanog-owner@nanog.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..."
Today's Topics:
1. Re: Arguing against using public IP space (Valdis.Kletnieks@vt.edu) 2. Re: Arguing against using public IP space (Joel jaeggli) 3. Re: Arguing against using public IP space (Jimmy Hess) 4. Re: Arguing against using public IP space (Owen DeLong) 5. Re: Arguing against using public IP space (Dobbins, Roland) 6. Cable standards question (Sam (Walter) Gailey) 7. Re: Cable standards question (Daniel Seagraves) 8. Re: Arguing against using public IP space (Joe Greco) 9. Re: Arguing against using public IP space (Ray Soucy)
----------------------------------------------------------------------
Message: 1 Date: Sun, 13 Nov 2011 21:43:32 -0500 From: Valdis.Kletnieks@vt.edu To: Brett Frankenberger <rbf+nanog@panix.com> Cc: NANOG <nanog@nanog.org> Subject: Re: Arguing against using public IP space Message-ID: <81357.1321238612@turing-police.cc.vt.edu> Content-Type: text/plain; charset="us-ascii"
On Sun, 13 Nov 2011 19:14:59 CST, Brett Frankenberger said:
What if you air-gap the SCADA network of which you are in administrative control, and then there's a failure on it, and the people responsible for troubleshooting it can't do it remotely (because of the air gap), so the trouble continues for an extra hour while they drive to the office, and that extra hour of failure causes someone to die. Should that result in a homicide charge?
If you designed a life-critical airgapped network that didn't have a trained warm body at the NOC 24/7 with an airgapped management console, and hot (or at least warm) spares for both console and console monkey, yes, you *do* deserve that negligent homicide charge.
Here's a quote from a famous court case (T.J. Hooper) on liability and industry standards: Indeed in most cases reasonable prudence is in face common prudence; but strictly it is never its measure; a whole calling may have unduly lagged in the adoption of new and available devices. It may never set its own tests, however persuasive be its usages. Courts must in the end say what is required; there are precautions so imperative that even their universal disregard will not excuse their omission. And here's a quote from a legal textbook: The standard of conduct imposed by the law is an external one, based upon what society demands generally of its members, rather than upon the actors personal morality or individual sense of right and wrong. A failure to conform to the standard is negligence, therefore, even if it is due to clumsiness, stupidity, forgetfulness, an excitable temperament, or even sheer ignorance. An honest blunder, or a mistaken belief that no damage will result, may absolve the actor from moral blame, but the harm to others is still as great, and the actors individual standards must give way in this area of the law to those of the public. In other words, society may require of a person not to be awkward or a fool. In other words, get real legal advice on the standard of care you should observe. On Nov 14, 2011, at 10:25 AM, Mickey Fox wrote:
The determination of whether a failure rises to the level of negligent homicide will require a review of industry standards, company standards and sometimes straight common-sence.
If the industry standard is airgap re security you are probably okay so long as you review and address the very concerns and questions you are raising in a responsible fashion that does not rely solely on expediency, cost, etc., but looks to real-world scenarios and emergency / backup procedures, equipment, testing and training.
Mickey Fox CMK Consulting Services On Nov 14, 2011 9:00 AM, <nanog-request@nanog.org> wrote:
Send NANOG mailing list submissions to nanog@nanog.org
To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-request@nanog.org
You can reach the person managing the list at nanog-owner@nanog.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..."
Today's Topics:
1. Re: Arguing against using public IP space (Valdis.Kletnieks@vt.edu) 2. Re: Arguing against using public IP space (Joel jaeggli) 3. Re: Arguing against using public IP space (Jimmy Hess) 4. Re: Arguing against using public IP space (Owen DeLong) 5. Re: Arguing against using public IP space (Dobbins, Roland) 6. Cable standards question (Sam (Walter) Gailey) 7. Re: Cable standards question (Daniel Seagraves) 8. Re: Arguing against using public IP space (Joe Greco) 9. Re: Arguing against using public IP space (Ray Soucy)
----------------------------------------------------------------------
Message: 1 Date: Sun, 13 Nov 2011 21:43:32 -0500 From: Valdis.Kletnieks@vt.edu To: Brett Frankenberger <rbf+nanog@panix.com> Cc: NANOG <nanog@nanog.org> Subject: Re: Arguing against using public IP space Message-ID: <81357.1321238612@turing-police.cc.vt.edu> Content-Type: text/plain; charset="us-ascii"
On Sun, 13 Nov 2011 19:14:59 CST, Brett Frankenberger said:
What if you air-gap the SCADA network of which you are in administrative control, and then there's a failure on it, and the people responsible for troubleshooting it can't do it remotely (because of the air gap), so the trouble continues for an extra hour while they drive to the office, and that extra hour of failure causes someone to die. Should that result in a homicide charge?
If you designed a life-critical airgapped network that didn't have a trained warm body at the NOC 24/7 with an airgapped management console, and hot (or at least warm) spares for both console and console monkey, yes, you *do* deserve that negligent homicide charge.
On Nov 14, 2011, at 5:15 PM, Steven Bellovin wrote:
And here's a quote from a legal textbook:
in this area of the law to those of the public. In other words, society may require of a person not to be awkward
If only that were more generally true. -j
participants (3)
-
James Downs
-
Mickey Fox
-
Steven Bellovin