posted on Apr, 26 2012 @ 05:11 AM
It seems odd that critical infrastructure should ever be online. I tried to search for reasons why it might be. I found many articles expressing
concern about security and potential backdoors, but little info on why they should be connected in the first place. So I can only offer my own
conclusion - that it may be necessary, in an emergency, to have remote access.
An article I found,
backs up my opinion about emergency access by stating:
"Infrastructure software vendors and critical infrastructure owners have long maintained that industrial control systems (ICSes) — even if rife
with security vulnerabilities — are not at risk of penetration by outsiders because they’re “air-gapped” from the internet — that is,
they’re not online."
So the 'air-gap' is a natural defence but can be closed if required. It seems reasonable to rely on an air-gap if your certain it's there. And
are sure it can easily be switched as required. However, the author of the article then shows how a relatively simple search tool (not google!) was
used to reach, basically, the login screens of various infrastructure control systems around the world. Not wishing to actually access these systems,
the info was passed to the DHS.
Therefore, without investigating further, it wasn't possible to say just how critical those systems were; they could simply have been controlling
something as mundane as the lighting in school corridors. Presumably, accessing the login screens of nuclear reactors is a bit harder.
Also, relying on air-gaps, even when vulnerabilities are known to exist, doesn't help if someone has access to the air-gap and wishes to be