Re: Arguing against using public IP space

["Eric C. Miller" <eric () ericheather com>]

Not sure if anyone has thought of it like this, but:

Air Gap is still only as secure as the people with access to it. NAT and firewalls provide a compromise between 
security and connectivity. But remember that at a power plant, the PBX system still connects to the outside world, and 
there is a phone in the control room. What stops a nefarious social hacker from calling up the control room and 
convincing the 3rd shift operator to stop producing power (claiming to be from the regional authority)? Caller-ID can 
be hacked. My personal belief is that all layers of the OSI/DOD model should assume that the adjacent lower level can 
and will be compromised at some point and measures should be put in place to encrypt or authenticate messages. 
Unfortunately for us, our critical infrastructure in this country still operates on outdated security-less network 
architectures like ArcNET. Even most of the PLCs in use at power plants utilize no security or have simple passwords 
like "supervisor" and "operator." The US gov's NERC has random inspections for CIP compliance, but I feel that they 
happen so infrequently, that nothing will be done in time to adequately protect us from certain dangers that loom.

Eric Miller
Network Engineering Consultant