[146446] in North American Network Operators' Group
Re: Arguing against using public IP space
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Sun Nov 13 18:30:48 2011
Date: Sun, 13 Nov 2011 18:29:39 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <B9AEE1BF-E963-4B79-A705-D12301E7A823@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Roland Dobbins" <rdobbins@arbor.net>
> The real issue is interconnecting SCADA systems to publicly-routed
> networks, not the choice of potentially routable space vs. RFC1918
> space for SCADA networks, per se. If I've an RFC1918-addressed SCADA
> network which is interconnected to a publicly-routed- and -accessible
> network, then an attacker can work to compromise a host on the
> publicly-accessible network and then jump from there to the RFC1918
> SCADA network.

SCADA networks should be hard air-gapped from any other network.

In case you're in charge of one, and you didn't hear that, let me say it again:

*SCADA networks should be hard air-gapped from any other network.*

If you're in administrative control of one, and it's attacked because you
didn't follow this rule, and someone dies because of it, I heartily, and
perfectly seriously, encourage that you be charged with homicide.

We do it with Professional Engineers; I see no reason we shouldn't expect
the same level of responsibility from other types.

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274