NSA Chief Wants Internet Partitioned For Government, 'Critical' Industries
GovTechGuy writes "NSA chief Keith Alexander, also the head of the US Cyber Command, told reporters that he would like to see the creation of a secure zone on the Internet for government and critical private sector industries such as utility companies and the financial sector. Alexander has repeatedly emphasized the dramatic nature of the cyber threat facing American networks and his comments were a further sign that the Pentagon does not think the war against foreign hackers can be won. Alexander denied the military has any role in safeguarding civilian networks currently, but didn't rule out the option in the future."
You, like most of the people who post about plant automation, do not quite understand how these systems are connected together. No plant is directly connected to the internet. OK, maybe the power plant of Idiot Town is, but no sane company actually connects its plant directly to the internet, and no vendor proposes such a solution. Typically there are 2 networks and 2 firewalls before you get anywhere near the internet.
The firewall at the control system is strictly one way; in some cases not even acknowledgement packets are allowed through the other way. This allows the control system to push all its process data onto a network full of software and systems which analyse and store / trend this data long term. That raises the key problem. You a) don't want these systems on the process network, b) don't want this information isolated, and c) often have a requirement (corporate or legal) to actually store this information offsite anyway for disaster investigation.
So this network is often connected to another network such as the company's IT infrastructure via another firewall.
Connecting networks together so that something can be accessed from the internet is not a really bad idea. Having an idiot in charge of designing or managing the network topology and system is! Many of these plants are only still standing today because of the ability to quickly diagnose major problems remotely, in real time, often involving experts from around the world. In most cases the risk of locking all the information up is higher than the risk of a successful attack on a carefully designed network.
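The topology the comment above describes (control network, a one-way firewall into a historian/DMZ network, a second firewall into corporate IT, and only then the internet) can be modelled as a policy simulation. The block below is an added example written for this page, not code from the commenter or any vendor; the zone names, the historian port 2055, the HTTPS port 443 and the rule details are assumptions chosen to illustrate the design. The point it makes that the prose does not spell out: a "strictly one-way, no acknowledgements" firewall is necessarily stateless and UDP-only, because a TCP session cannot complete without packets flowing back, and a packet from the internet has to satisfy every firewall on the path to reach the control zone, so a single misconfiguration at the corporate edge still leaves the plant protected by the diode.

```python
"""Constructed simulation of a two-firewall plant network (not a real site).

Zones sit on a line; every hop between adjacent zones is policed by one
firewall, so a packet is forwarded only if every firewall on its path accepts it.
"""
from dataclasses import dataclass

CONTROL, HISTORIAN, CORPORATE, INTERNET = "control", "historian", "corporate", "internet"
ZONES = [CONTROL, HISTORIAN, CORPORATE, INTERNET]   # assumed linear topology

HISTORIAN_PUSH_PORT = 2055   # assumption: UDP port the historian listens on
HTTPS = 443


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str            # "udp" or "tcp"
    dport: int
    tcp_flags: str = ""   # "SYN", "SYN-ACK", "ACK" for tcp; empty for udp


def fw_diode(pkt: Packet) -> bool:
    """Firewall 1 (control <-> historian): strictly one way.

    Stateless on purpose: there is no 'established/related' rule, so nothing,
    not even a TCP ACK, can be sent back toward the control network. That is
    why the only thing that can cross it is a UDP push of process data.
    """
    return (pkt.src_zone == CONTROL and pkt.dst_zone != CONTROL
            and pkt.proto == "udp" and pkt.dport == HISTORIAN_PUSH_PORT)


def fw_dmz(pkt: Packet) -> bool:
    """Firewall 2 (historian <-> corporate): stateful, but never toward control.

    Corporate analysts may query the historian over HTTPS and get replies;
    the historian may push its archive offsite over HTTPS. Nothing is allowed
    to be addressed to the control zone from this side.
    """
    if pkt.dst_zone == CONTROL:
        return False
    if pkt.proto != "tcp":
        return False
    if pkt.src_zone == CORPORATE and pkt.dst_zone == HISTORIAN and pkt.dport == HTTPS:
        return True                                   # query into the historian
    if pkt.src_zone == HISTORIAN and pkt.dst_zone == CORPORATE:
        return pkt.dport == HTTPS or pkt.tcp_flags in ("SYN-ACK", "ACK")  # archive push or reply
    return False


def fw_perimeter(pkt: Packet) -> bool:
    """Firewall 3 (corporate <-> internet): remote experts land on a corporate
    HTTPS/VPN endpoint (assumed) and corporate may browse out; nothing from the
    internet is routed straight to the historian or control zones."""
    if pkt.src_zone == INTERNET:
        return pkt.dst_zone == CORPORATE and pkt.proto == "tcp" and pkt.dport == HTTPS
    if pkt.src_zone == CORPORATE and pkt.dst_zone == INTERNET:
        return pkt.proto == "tcp"
    return False


# Firewall i sits between ZONES[i] and ZONES[i + 1].
FIREWALLS = [("diode", fw_diode), ("dmz", fw_dmz), ("perimeter", fw_perimeter)]


def firewalls_on_path(src_zone: str, dst_zone: str) -> list[str]:
    """Names of the firewalls a packet must traverse from src_zone to dst_zone."""
    a, b = sorted((ZONES.index(src_zone), ZONES.index(dst_zone)))
    return [name for name, _ in FIREWALLS[a:b]]


def allowed(pkt: Packet) -> bool:
    """A packet is forwarded only if every firewall on its path accepts it."""
    a, b = sorted((ZONES.index(pkt.src_zone), ZONES.index(pkt.dst_zone)))
    return all(rule(pkt) for _, rule in FIREWALLS[a:b])


if __name__ == "__main__":
    samples = [
        Packet(CONTROL, HISTORIAN, "udp", HISTORIAN_PUSH_PORT),   # process data push
        Packet(HISTORIAN, CONTROL, "tcp", 502, "SYN"),            # Modbus back into plant
        Packet(CONTROL, HISTORIAN, "tcp", HISTORIAN_PUSH_PORT, "SYN"),  # TCP needs acks
        Packet(CORPORATE, HISTORIAN, "tcp", HTTPS, "SYN"),        # analyst query
        Packet(INTERNET, CORPORATE, "tcp", HTTPS, "SYN"),         # remote expert to VPN
        Packet(INTERNET, CONTROL, "udp", HISTORIAN_PUSH_PORT),    # internet to plant
    ]
    for p in samples:
        print(p, "->", "ALLOW" if allowed(p) else "DROP", firewalls_on_path(p.src_zone, p.dst_zone))
```

The design choice worth noting is the absence of any stateful return rule in `fw_diode`: adding the usual "accept established" line is exactly the mistake that turns a data diode into an ordinary two-way firewall, and it is the kind of topology error the comment blames on the person running the network rather than on connectivity itself.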