Re: SCADA (or: How I learned to love receiving FWW in digest form)

[Mike Barkett <mbarkett () us checkpoint com>]

Yeah, I know the subject line makes me sound like a fuddy-duddy.  Anyway, because this is apparently a 
last-one-to-post-wins thread, I figured I'd chime in.

It seems that all of us subscribe to differing degrees of the same possibly incorrect notion... that all systems must 
be connected to something.  If a system risks failure due to being connected to an infrastructure that will also fail 
along with it, then maybe the net value of such connectivity is greatly diminished.  I believe Marcus' artist friend 
rather elegantly made a similar point.

We've already talked about solving the logging problem with physical air gaps and a connectionless logger.  Save for 
physical access and possibly a dedicated leased line to an isolated emergency outpost (for example, to try to remediate 
things if physical access is too dangerous for humans, or to manually apply patches IF applicable), why introduce any 
additional risk?

-MAB
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards