Hacking Ukraine's Power Grid
This is an excellent article on the December hack of Ukraine's power grid.
Posted on March 9, 2016 at 6:11 AM
"For another, airgapping isn't foolproof, and might lead to complacency - after all, people are still operating the things, and they might not all be trustworthy."
I think this is a reasoning fallacy; it's sacrificing the good in search of the perfect. Failure via complacency in this context would mean that a single attack at a single location gets through. Failure with sites which are networked together means a single attack takes down an unknowable number of locations. There's a big difference between those two scenarios.
The facts are in WRT network security: it's imperfect because the defense's technology is not qualitatively different from the offensive technology used to break it. It will always be a game of cat and mouse. Network computers are subject to all attacks air gapped computers are subject to PLUS network attacks PLUS zero days inside of the 3rd party software they run on.
It's not just that air-gapping computers works to thwart nearly everyone outside of state-level actors (well, so far), it's that air gapping computers importantly and dramatically narrows the vector of attack. What's left to the attackers looks like sophisticated electromagnetic radiation attacks (let's include sound-wave based attacks here) and physically connecting a device the attacker has controlled at time point one to the machine to be attacked at time point two.
Between a sprawling confederation of networked computers and a series of individually air gapped computers, which set of castles would you prefer to defend?
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.