Air gaps and private networks

Bruce Schneier asks why we don't improve security by "[taking] those critical electrical grid computers off the public Internet?", and the discussion that follows is reasonably good.

But I think there is a false dichotomy here. In the long run, a private network is neither feasible nor even secure; the real distinction is between networked and non-networked devices. Power grids, arguably, need to be networked. It is possible to imagine humans covering the "air gap" and flipping switches in response to market demands and load-balancing decisions. But humans have error modes that are just as severe. Disconnection is not a risk-free alternative.

Once you have a networked system, what does it run on? Power companies may well have the resources to run their own fiber. But they don't necessarily have the expertise to run a continent-spanning IP-based network reliably. Companies that specialize in telecommunications do. The engineering effort required to keep a network up and running is nontrivial, so there will be strong pressures both financially and operationally to run over somebody else's infrastructure. You might have what looks like a "leased line" but in reality it's a packet-switched virtual connection that shares infrastructure with the public Internet.

Even a "private" network must exchange information with public networks in order to be relevant. You might ensure that the only link is a human, but remote attacks are still possible by convincing the human to act in the way you want.

That doesn't mean all your SCADA systems need globally routable IPv6 addresses that any hacker can connect to. But it does mean that private systems will tend to look more and more like public systems, and depend on the same set of technical expertise and physical resources. A system that doesn't use off-the-shelf public-Internet infrastructure and technologies will be more expensive, less reliable, and less secure than one which is based on the public Internet. The question is not whether networked systems will be connected to the public Internet, but how.

A similar trend toward commodity solutions drives adoption of virtualization. While a VM may not be a "dedicated" resource, virtual infrastructure can be more reliable than its physical counterpart. Exchanging specialized infrastructure for general-purpose, flexible infrastructure improves both availability and security.
