Also, I was kidding. :) On Thu, 14 Nov 2013 06:38:10 -0600 (CST) "J.A. Terranson" <measl@mfn.org> wrote:
On Thu, 14 Nov 2013, Cathal Garvey (Phone) wrote:
But what if they use BadBIOS to beam into space on a microwave carrier by modulating the PSU of all infected laptops at once?!
I understand your point, however, we aren't talking about just any old system, we are discussing the most critical parts of electronic infrastructure here. When you've got a computer controlling fission, or power distribution {$your critical infrastructure of choice}, this is simply a Best Practice. Hell, if we can do this for crap like public Internet carriers[1], why is it unreasonable to do this for actual critical systems?
//Alif
[1] I have worked for or with several internet carriers who enforced this kind of security around their core systems: the smallest was a very small regional carrier, while the largest was a multinational NSP. The only potential losses were dollars - painful but not necessarily fatal, or with any national security interest. If a dipshit regional carrier can do this, a power company failing to do so is simply negligent.
And yes, I know that power companies are notoriously casual with their SCADA systems: it makes me crazy to think about it.