Over the past month, I have received a number of emails and seen a number of LinkedIn articles suggesting that I was attacking the concept of data diodes when I stated that Air Gaps are a myth. Unfortunately, this is a serious misunderstanding of my message to the ICS/SCADA community.
I am not writing about technology when I say Air Gaps are impossible. Whether you use a firewall, a data diode or tin cans and string to filter and control your information flow is not my point. These are all valuable technologies (well, maybe not the last one). They are also not silver bullets, but when used intelligently in a defense in depth strategy, they can all do a lot to secure a control system.
Eric Byres points out that technology is not a silver bullet, but when used in a defense in depth strategy, can improve control system security.
What I am writing about is the philosophy that says we can truly isolate our control systems from the outside world. I think anyone who says "my control system is completely isolated" is badly misguided. That person is only focusing on the obvious network flows and ignoring the other sneakernet flows that are every bit as dangerous. This is where the "myth" lies. It is not in “what is the correct technology for securing control systems”.
The flaw in the Isolation philosophy (I won’t call it an Air Gap philosophy to avoid any more confusion) is that it depends on a single defense – complete electronic isolation of a control system. With a single defense comes a single point of failure. From hard experience, we all know that designs with a single point of failure are not robust. Bottom line is that Isolation of the control network is not a viable long-term strategy.
Please send comments and suggestions on the technologies that you think will best control and manage information flows. And let me know what you do to manage information flows that are not over the network, such as mobile media (CD, USB keys, etc.), wireless, serial and personal electronic devices. A debate on the most effective technologies for securing SCADA and ICS would be a welcome change from Air Gaps.
- Wikipedia, Webpage: Sneakernet
- Blog: Air Gaps won’t Stop Stuxnet’s Children
- Blog: Defense in Depth is Key to SCADA Security - Part 1 of 2
- Blog: Defense in Depth: Layering Multiple Defenses - Part 2 of 2
- Blog: Using ANSI/ISA-99 Standards for SCADA Security (plus White Paper)
- Blog: #1 ICS and SCADA Security Myth: Protection by Air Gap
© Tofino Security 2012 | All Rights Reserved | Tofino Security is part of Hirschmann, a Belden Brand