On Jul 8, 2010, at 10:12 AM, valdis.kletni...@vt.edu wrote:
On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said:
I find it hard to understand that a nuclear power plant, air-
traffic control
network, or electrical grid would be 'linked' to the Internet in
the interest
of 'efficiency'. Air gap them all and let them apply for
"Inefficiency Relief"
from the $100 million relief fund.
OK, so you airgap the whole thing, and apply for "Inefficiency
Relief" to help
pay for those 2,397 separate dark fiber dedicated links you need to
contact
your 2,397 remote sensing stations and control points. And of
course, since you
end up burning a *lot* of dark fiber pairs when every utility starts
doing
that, the provider gets to go back and put a whole lot more 96-pair
or whatever
alongside the previous bundle, driving prices back up after our long-
term fiber
glut.
I think that there needs to be a balance.
There is no Internet access to certain military systems, for example,
but that doesn't mean that the
base housing them has no Internet access. I would expect the same to
be true for, e.g., nuclear power systems. If this
has never been thought through by someone, it would not be a bad idea
to start now.
On the other hand, my friends in military networking tend to be
cynical about these kinds of exercises. They
may or may not actually increase security, in fact they sometimes
degrade it, but they tend to be very good at sending money to
politically well connected contractors.
Regards
Marshall
And then you discover that your actual network reliability goes
*down*, because
getting your provider to troubleshoot your measly 64K channel is a
pain and
takes a long time to get results - whereas if you went commodity
Internet your
packets are now mixed in with everybody else's on a important 10GE
link. Sure,
that 10GE link may be just 2 fibers over in the same bundle - but
guess which
one will probably be spliced first after the backhoe hits? (Plus of
course, if
37 of those 2,397 links were in the bundle, it's going to take 37
splices to
get you 100% back up, instead of just one splice....)
What's the going rate these days that you have to pay to make sure
your fiber
gets spliced first rather than that other customer's 10GE? And
what's it
cost to do it for all 2,397 links? And if your electrical-grid
fiber is
in the same cable as the other customer's ATC cable, who gets
spliced first?
If you have a single point of failure in your design, you really
want to
make sure that the point is heavily fate-shared with enough other
customers
that the provider will feel *really* motivated to fix your problem. ;)