Re: Excellent
"On a closed secure site: fine, give it a go. If you can manage to operate efficiently without any link to the outside world then I'm happy for you. Most business don't work that way."
There is no reason a public utility or any industrial system needs to be linked to the outside world via the public internet. If interconnection to other company sites is required then use a physical private line and make sure its air gapped at the terminus. How to enforce? Have monitor daemons which set off an alarm if any network parameters are changed, have timestamped CCTV in the server room and bring civil and possibly criminal damages against anyone who breaches the air gap without explicit permission from the IT director.
You can't prevent a willful sabateur from removing the air gap but to do so they've got to get into your server room and if they've managed that then you're royally screwed anyway. But you can prevent idiots doing it and saying its not possible is really just an excuse for laziness.
Biting the hand that feeds IT
