by Osaka
3914 days ago
Due to the nature of critical infrastructure it would not be advisable to force lockout rules and rate limiting on devices. The main issue comes from the long life cycle of equipment and companies not wanting to change to new securer methods due to fear of costs implementing it.
Which is to say: These networks should be closed-loop, and air gapped from the internet. The best security is simply not letting an attacker connect to the equipment at all.
Same way cars are meant to work. One network for the vehicle control systems, another network for the fun stuff (in-car entertainment, OnStar, etc). With well-defined interconnections between them (that assumes the "fun stuff" side can misbehave).
If there is any interconnection between the critical infrastructure network and the internet, then it needs to be very well regulated, down to the packet lengths.