K. Brian Kelley (8/12/2014)


    patrickmcginnis59 10839 (8/12/2014)


    I know I'm a little slow, but I'm having some difficulty identifying venoym's mistake, from what I've read he's actually talking about required and recommended practices. Could you offer a little help in identifying his actual mistake? Sure would be appreciated!

    Venoym believes in defense in depth and not relying on one mechanism to protect your kingdom. This is the best approach. There's nothing wrong here.

    Unfortunately, there are too many in the development, implementation, and administration of SCADA software that don't think the same way. They believe that one defense, the air gap/data diode, can protect them from any and all attacks.

    Venoym's mistake, at least from what I've seen in the posts, is in thinking that more folks in the industry think like Venoym does. From what I've seen of the SCADA industry, Venoym is the exception, not the rule, when it comes to thinking about security and how to properly apply it.

    In actuality, I don't extend that thinking. The US Nuclear Regulatory Commission does. Regulations stipulate that you can't stop at a Data Diode/Air-Gap, regardless of what your SCADA vendor does. I know for a fact that there are many who think that a Data Diode is the end-all, which is wrong-headed at best. The simple point that I'm attempting to illustrate is that beating a drum of "Air-Gaps are useless" is just as wrong as relying solely on them; this is what the linked article was about and is what you stated in your editorial. What the mantra of "Air-gaps are failed infosec" will lead to is SCADA systems directly connected to the Internet and highly vulnerable to many 0-day exploits that can cause actual damage to large portions of a country. Simply put, if it is not connected, it cannot be remotely controlled! Do you still have to do best practices? YES. You can't disregard that some things NEED to be disconnected. (Think about the Top Secret data/information at the CIA as an example.)