Hacker News new | ask | show | jobs
by closeparen 2541 days ago
It's not a solution, it's a layer. Vulnerabilities still matter behind an airgap. A hospital is a large, semi-public facility. Patients are left alone in their rooms with network drops. There are legitimate business needs to transfer records in from and out to other institutions; who's to say they can't contain exploit payloads? There are contractors, vendors, and high-turnover low-skilled staff circulating every day. And even if there weren't, if you've been thinking of the airgap as a "solution" and not keeping up with patches, the first person to cross will have a ridiculously easy time with whatever's inside.

It's good to raise the bar from drive-by internet strangers to people and organizations willing to take mild physical risks, but it's not a panacea.
1 comments
ziddoap 2540 days ago
I suppose I could have been more precise in my wording, and clarified that I see it as a solution to a piece of the puzzle. Indeed, you do word it better in saying it is a layer. I agree. It is a solution to facet of a problem which exists at a certain layer.

I don't quite know how my comment led you to believe that I think airgapping is a pancea which solves all the existing computer woes in the world.

I certainly don't think, and didn't intend to imply, that airgapping removes the risk from contractors or a reason to not keep up on patches. Again, I'm confused how you reached that conclusion based on my comment.

link
aptwebapps 2540 days ago
Unless the person you're replying to thinks you are personally currently maintaining such equipment, that's a general 'you'.

"And even if there weren't, if you've been thinking of the airgap as a "solution" and not keeping up with patches, ..."

Nobody here is going to say airgap and done, but out in the wild they will certainly deprioritize updates on airgapped equipment.

link
ziddoap 2540 days ago
Well I mean, I said it's a solution. They said it is not a solution, a direct response to what I specifically had said, and followed by directly responding to the rest of my statement. The entire comment seems to be directed at what I said, hinging off my use of "solution".

Perhaps the 'you' was intended to be generalized. I interpreted as directed at me, since the entirety of the comment is directed at me. Maybe I'm mistaken.

The joys of trying to have meaningful conversations over text.

link
closeparen 2540 days ago
If it’s a solution, legislation should just require it. If it’s one of many possible security controls that will each help a bit, we might need more nuanced and local decision making.
link