Not sure if anyone has thought of it like this, but:

An air gap is still only as secure as the people with access to it. NAT and 
firewalls provide a compromise between security and connectivity. But remember 
that at a power plant, the PBX system still connects to the outside world, and 
there is a phone in the control room. What stops a nefarious social hacker from 
calling up the control room and convincing the 3rd shift operator to stop 
producing power (claiming to be from the regional authority)? Caller-ID can be 
hacked. My personal belief is that all layers of the OSI/DOD model should 
assume that the adjacent lower level can and will be compromised at some point 
and measures should be put in place to encrypt or authenticate messages. 
Unfortunately for us, our critical infrastructure in this country still 
operates on outdated security-less network architectures like ARCNET. Even most 
of the PLCs in use at power plants utilize no security or have simple passwords 
like "supervisor" and "operator." The US gov's NERC has random inspections for 
CIP compliance, but I feel that they happen so infrequently that nothing will 
be done in time to adequately protect us from certain dangers that loom.

Eric Miller
Network Engineering Consultant
