Re: U.S. Plans Cyber Shield for Utilities, Companies

[Owen DeLong <owen () delong com>]

On Jul 8, 2010, at 10:13 AM, George Bonser wrote:

> > -----Original Message-----
> > From: Brandon Ross
> > Sent: Thursday, July 08, 2010 6:52 AM
> > To: Michael Painter
> > Cc: nanog () nanog org
> > Subject: Re: U.S. Plans Cyber Shield for Utilities, Companies
> >
> > On Wed, 7 Jul 2010, Michael Painter wrote:
> >
> > > Have we all gone mad?
> > > I find it hard to understand that a nuclear power plant, air-traffic
> > control
> > > network, or electrical grid would be 'linked' to the Internet in the
> > interest
> > > of 'efficiency'.  Air gap them all and let them apply for
> > "Inefficiency
> > > Relief" from the $100 million relief fund.
> >
> > Absolutely!  For example, those thousands of flight plans filed every
> > day
> > by airlines across the globe, not to mention private flights, should
> be
> > done manually the old fashioned way, with a paper form and stopping by
> > your local FAA office where a human keys them into the ATC computer.
> > Oh
> > wait, we closed all of those offices when we moved all of those
> > functions
> > to the Internet.  I guess we'll just have to re-open them.
>
> I believe the point was in response to:
>
> "control systems that were often designed without Internet connectivity
> or security in mind. Many of those systems-which run everything from
> subway systems to air-traffic control networks-have since been linked to
> the Internet"
>
> If something was designed without network security "in mind" and then
> connected to the internet as-is, then yeah, that pretty much is not only
> "madness" but is just asking for trouble. So I am torn between this
> being another exercise in treating the symptoms while ignoring the
> underlying cause and at least having SOMEONE watching the front door if
> the owners aren't paying any attention themselves.  But I would think
> the cost of the program could be scaled back somewhat if certain basic
> security practices were mandated prior to the system being installed. 
I think part of the problem comes from interrelationships between the
transitive property of trust (if A trusts B and B trusts C, then A trusts
C whether A knows it or not) and the perceived vs. actual nature of
linkage.

For example, it would seem madness to put an HTTP server directly
on the primary Air Traffic Scheduling System at "FAA Central" and
have it collect flight plans directly from the internet.

However, what happens is that FAA contracts Lockheed out to run
several Automated Flight Service Stations and also contracts two
other companies (GTE and CONTEL last I looked at who had the
contracts) to run a service known as "Direct User Access Terminals"
or DUATS. Lockheed runs their own systems and interacts with
pilots by telephone and radio. Flight Plans and Pilot Reports collected
by Lockheed are put into Lockheed systems which are then linked
into the FAA systems. I do not know if any of those links involve
internet connectivity or not. LIkely some do.

The DUATS systems also link into the FAA computers for uploading
flight plans and pilot reports and for getting weather and NOTAM
information from the FAA. As such, at least on some level, the FAA
systems are linked to systems that are linked to the internet and
there definitely isn't an air-gap. I suspect it is a full enough form
of proxy that only data can traverse from one to the other. I think
the design of the systems is probably relatively sane on that level.

However, I doubt anyone on this list really knows for sure how the
systems were designed or the exact nature of their linkages and
I suspect there are many many other examples of such indirect
linkages that have grown organically over time as the internet
has moved from scientific novelty to a place to distribute web
access and now starts to become the fundamental basis for
communication among humans, machines, and others throughout
the world.

There used to be a clear line between telecom and datacom.
It used to be that the internet was clearly datacom. Today, it's
almost as if telecom as a separate discipline is going away
and instead voice is becoming an application on the datacom
network.

It used to be that datacom was many disparate specialized
networks each serving a particular datacom purpose. Today,
the internet has become the generic low-level building block
upon which virtually every datacom application, including
the new telecom (voice as an application on a data network)
is being built.

With these changes and their relationships to legacy systems
come new security concerns. Some known, many likely not even
noticed as things move forward.

Owen