Viewing a single comment thread. View all comments

charleswj t1_j4ht5go wrote

Reply to comment by abitrolly in Zero Days (2016) - Stuxnet, a piece of self-replicating computer malware that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target. [01:53:51] by Missing_Trillions

>not connected to the Internet, and hence never patched

These two things are not mutually exclusive and is almost criminal in a nuclear facility

19

80burritospersecond t1_j4imm1t wrote

It's also kinda poor design to have all your emergency stop smash buttons be nothing but PLC inputs when they should be independently cutting power to the prime movers in whatever system is being controlled.

7

Burdekin_Boy t1_j4jv36w wrote

Yeah Estops into PLCs should only really be for signal/logging. Stand-alone safety relays should be in use.

3

TheImmortalIronZak t1_j4jvgft wrote

Absolutely is not. Most intelligence departments, Department of justice, homeland etc all have some departments with air gapped machines for security reasons. They can never be “hacked” or the like due to that. And as for the Iranian governments uranium enrichment center the air gapped machine’s control all aspects of the enrichment process, the centrifuges, etc for the same reason.

0

charleswj t1_j4k0o72 wrote

>Absolutely is not. Most intelligence departments, Department of justice, homeland etc all have some departments with air gapped machines for security reasons.

This is actually not true except in some edge cases. Most of the "air gapped" networks are actually only logically separated. For example DOD's NIPR (often referred to as the "low side") is their version of what most companies have, the network most directly connected to the internet, as well as the DREN (for research and development). No classified data is allowed here.

But they also have other networks, sometimes referred to as the "high side" (i.e. SIPR, JWICS), where classified data (Secret and Top Secret, respectively) can be stored. It's a common misconception that these are air gapped, but they're actually more like a VPN on top of NIPR. Additionally, there are various "gateways" (i.e. DOTS, Cross Domain Enterprise Email Service) to allow limited communication and data transfer between low and high sides.

4