[LINK] Milnet rides again

Richard Chirgwin rchirgwin at ozemail.com.au
Mon Oct 24 09:26:25 AEDT 2011


Tom,

You say that electricity grid controls as private networks would not be 
feasible.

They are feasible, and exist now in Australia. This document, for example:
http://www.aer.gov.au/content/item.phtml?itemId=660458&nodeId=24f0c0c4742382e55201da8135479480&fn=Attachment%208A%20(18%20November%202004).pdf

...describes TransGrid's private fibre backbone in some detail.

While it is feasible or even likely that there are exposures - computers 
that might exist both on the private network and the Internet, and 
therefore might exist as potential paths for vulnerabilities - it's 
quite clear that private networks are feasible and do exist.

RC

On 24/10/11 9:05 AM, Tom Worthington wrote:
> On 23/10/11 09:14, Roger Clarke wrote:
>> [The dullards in the US military have discovered that connecting
>> important equipment to the open, public Internet is a bad idea. They
>> even think they've invented a new idea - that dedicated networks and
>> air-gaps contribute to security.]
>>
>> FBI Official Calls for Secure, Alternate Internet ... October 21,
>> 2011 Associated Press|by Lolita C. Baldor ... Military.com News
>> http://www.military.com/news/article/fbi-official-calls-for-secure-alternate-internet.html?ESRC=dod.nl
> The FBI is not part of the US military, it is a civilian police force
> similar to the Australian Federal Police.
>
> The US DoD is aware of the concept of separate networks, having set up
> separate IP networks some years ago:
>
> 1. Secret Internet Protocol Router Network (SIPRNet):
> http://en.wikipedia.org/wiki/SIPRNet
> 2. Non-secure Internet Protocol Router Network (NIPRNet):
> http://en.wikipedia.org/wiki/NIPRNet
>
> What the FBI official is suggesting is that civilian industry adopt a
> similar approach, with separate networks for sensitive control
> functions, such as for power grids. In my view that would not be
> feasible, but might be a useful way to explain to industry executives
> that additional security measures are needed. A physical "air gap" could
> not be used for all but the most sensitive applications. Instead
> configuration of the network equipment and encryption would be used to
> keep the data partitioned. As well as the technical infrastructure,
> training of the personnel would be required, to make sure they
> understood what they could do on which system.
>
> ps: Just to make the point that an air gap does not stop data access, I
> connected to ADFA in Canberra from the flagship of the US 7th Fleet in
> the Coral Sea in 1997: http://www.tomw.net.au/nt/tt97.html  ;-)
>
>