nanog mailing list archives

Re: Arguing against using public IP space


From: Jay Ashworth <jra () baylink com>
Date: Sun, 13 Nov 2011 18:29:39 -0500 (EST)

----- Original Message -----
From: "Roland Dobbins" <rdobbins () arbor net>

The real issue is interconnecting SCADA systems to publicly-routed
networks, not the choice of potentially routable space vs. RFC1918
space for SCADA networks, per se. If I've an RFC1918-addressed SCADA
network which is interconnected to a publicly-routed- and -accessible
network, then an attacker can work to compromise a host on the
publicly-accessible network and then jump from there to the RFC1918
SCADA network.

SCADA networks should be hard air-gapped from any other network.

In case you're in charge of one, and you didn't hear that, let me say it again:

*SCADA networks should be hard air-gapped from any other network.*

If you're in administrative control of one, and it's attacked because you
didn't follow this rule, and someone dies because of it, I heartily, and
perfectly seriously, encourage that you be charged with homicide.

We do it with Professional Engineers; I see no reason we shouldn't expect
the same level of responsibility from other types.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

