On Air Gaps and Killer Toothbrushes

For all the exhortations in favor of them, air gaps protecting Industrial Control System networks have that “Not Happening” thing going on in the real world. It might be considered surprising that folks with outrageous amounts of experience would argue at all in their favor at what seems like such a late date, but in fact it follows a curve that is instructive inasmuch as we can see how it has been bending so far.

This is a pattern that seems very predictable given my own varied path through tech. It speaks to a specific challenge we face in achieving our objectives that is as tangible and consequential as an over-pressured pipeline or PLC vulnerability. The challenge isn’t that you have to deal with a lot of block-headed, tunnel-visioned cardboard cutout people – as is popularly believed – but exactly the opposite.

This is both good and bad.

A herd of cattle may not be efficient but you know what you have to do to deal with it. When people who are smarter than you are disagree with you – about something that it is very important you get right – you have to think really, *really* hard and stress out about it continuously. Getting gored by rampant BBQ-fodder may be a touch painful for a few moments, but debating points of life and limb with folks who make Hannibal Lecter look like a dimwit is a particularly elegant agony which lingers much longer.

In the early 90s I attended a conference where Dennis Ritchie and Marcus Ranum were leading a packed room discussing security and firewalls. With what I came to recognize as Marcus’ trademark directness, he laid down the conversational Gauntlet[tm] on the inarguable necessity for firewalls to be open source.

I was just an upstart who had fallen into a sketch on a Chinese restaurant napkin like Alice into the Looking Glass, so, though usually among the more outspoken folks in the room, I largely held my tongue on the absolute validity of the point in all cases. Heck, everyone in the room, including the guy who invented the bloody firewall and another who invented the root of every modern operating system on the face of the freaking planet, was incontrovertibly convinced that proprietary firewalls could never effectively compete with open source.

Ten years, thousands of BorderWare and millions of PIXen later I was taking Marcus to the airport after an advisory board thing with Protego. At some point in our stream-of-unconsciousness babbling he said he had to admit that history had shown my original point to be correct.

The experts can and should forever drive to achieve unrestricted ideals. But the engine to distribute the best possible saturation of the value of that knowledge – to the expanding billions of people who need it, in the minimum amount of time – requires proprietary products and corporate interests and all those ‘bad things’ pure engineers are genetically programmed to resist.

“Air Gaps” are the poster child for the same kind of syndrome in ICS. This syndrome led that room full of the smartest people in the world umpteen-odd years ago to firmly hold a belief that was not only incorrect but which had a direct negative impact on achieving the very goal they strove for. Had the braintrust represented in the room with Ritchie and Ranum decided that day to work *with* the Evil Overlords of Globalized Corporateness – instead of against them – we would certainly have had measurably more progress on deployed security over the intervening years.

But anyone expecting that to happen – at that time, among those people – would have been missing a lesson learned throughout human history. From the meeting where the money guy explained to the engineer that the company couldn’t justify the cost of raising those dividing walls a couple decks higher on the Titanic, to the city manager rejecting the architect’s request for larger stones in that one corner of the wall around Jericho, there has been an irreconcilable difference between the folks who build things and the folks who fund them.

Both sides are just being honest.

During a wing-fed evening following an enthusiastic exchange in Tim Roxey’s Roadmap talk at ICSJWG Savannah, Fred Cohen used the notion of hackable electric toothbrushes that killed our kids to prove a point about the necessity of making security intrinsic at the foundation of industrial control systems.

The long arcing history of the future will, I believe, prove Fred right about perhaps all of his expansively contemplated points. But we respectfully disagree about some of the shorter-term mechanisms necessary to survive the intervening decades in much the same way Marcus and I disagreed during the early firewall market.

Similarly, many of those who still rally to the defense of air gaps are folks with experience and intellect beyond question. They have spent more time applying those weighty assets to these issues than virtually anyone else, and their opinions cannot be disregarded. Experience and brilliance, however, do not always lead to correct conclusions.

Air gaps do not and should not exist. Patching vulnerabilities won’t make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts, and ignoring them is just as dangerous as ignoring corrosion on high-pressure pipes.

It is easy to understand the arguments against these realities. Many of the folks who most vocally argue against them make excellent points backed by irrefutable experience and expertise. The highest art achieved is infiltrated to its core with capillaries of compromise, though, and the art we practice will not be found different.

Our responsibility to address the challenges we choose to bear remains, regardless of right or wrong by any other definition. History will not judge us by whether we used Best Practices or baling wire; it will judge us by our success.

Also on Infosec Island
