Re: U.S. Plans Cyber Shield for Utilities, Companies

[Marshall Eubanks <tme () americafree tv>]

On Jul 8, 2010, at 10:12 AM, Valdis.Kletnieks () vt edu wrote:

> On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said:
>
> > I find it hard to understand that a nuclear power plant, air- 
> > traffic control
> > network, or electrical grid would be 'linked' to the Internet in  
> > the interest
> > of 'efficiency'.  Air gap them all and let them apply for  
> > "Inefficiency Relief"
> > from the $100 million relief fund.
>
> OK, so you airgap the whole thing, and apply for "Inefficiency  
> Relief" to help
> pay for those 2,397 separate dark fiber dedicated links you need to  
> contact
> your 2,397 remote sensing stations and control points. And of  
> course, since you
> end up burning a *lot* of dark fiber pairs when every utility starts  
> doing
> that, the provider gets to go back and put a whole lot more 96-pair  
> or whatever
> alongside the previous bundle, driving prices back up after our long- 
> term fiber
> glut.

I think that there needs to be a balance.

There is no Internet access to certain military systems, for example,  
but that doesn't mean that the
base housing them has no Internet access. I would expect the same to  
be true for, e.g., nuclear power systems. If this
has never been thought through by someone, it would not be a bad idea  
to start now.

On the other hand, my friends in military networking tend to be  
cynical about these kinds of exercises. They
may or may not actually increase security, in fact they sometimes  
degrade it, but they tend to be very good at sending money to  
politically well connected contractors.

Regards
Marshall


> And then you discover that your actual network reliability goes  
> *down*, because
> getting your provider to troubleshoot your measly 64K channel is a  
> pain and
> takes a long time to get results - whereas if you went commodity  
> Internet your
> packets are now mixed in with everybody else's on a important 10GE  
> link.  Sure,
> that 10GE link may be just 2 fibers over in the same bundle - but  
> guess which
> one will probably be spliced first after the backhoe hits? (Plus of  
> course, if
> 37 of those 2,397 links were in the bundle, it's going to take 37  
> splices to
> get you 100% back up, instead of just one splice....)
>
> What's the going rate these days that you have to pay to make sure  
> your fiber
> gets spliced first rather than that other customer's 10GE?  And  
> what's it
> cost to do it for all 2,397 links?  And if your electrical-grid  
> fiber is
> in the same cable as the other customer's ATC cable, who gets  
> spliced first?
>
> If you have a single point of failure in your design, you really  
> want to
> make sure that the point is heavily fate-shared with enough other  
> customers
> that the provider will feel *really* motivated to fix your problem. ;)