I’m sorry, but for some reason there are exactly two types of humans in industrial cybersecurity. 95% are mission driven and incredibly fun and kind. 5% are very angry and gatekeepy senior people who want to prevent anyone else from ever contributing to the field. #ICSCybersecurity
Speaking of #ICSCybersecurity… I think I’ve gotten a lot of followers on social justice and general IT lately. As a little re-intro, what I do for a living is respond to and investigate hacking of critical industrial infrastructure like power, water, manufacturing, and transportation. Stuff that doesn’t look like computers but often is today. I’ve been doing it for over a decade and a half. If that’s ever something you want to know more about, AMA and I’ll do my best to answer your questions.
@hacks4pancakes At one point there was a best practice of air gapping those industrial systems from the internet. Is that still the case? As a practical matter, are systems like that air gapped? And does air gapping as actually implemented help defend against attacks, and why or why not? Anything else about air gapping?
@david42 I see maybe two air gaps a year doing it daily outside of nuclear and defense. They’re mostly a myth now and have been for at least a decade. Too much efficiency and reduced staffing gained by networking. We even see cloud now. Vendors demand connections to provide warranty support.
@hacks4pancakes I could imagine a setup with a physical airgap that can be connected for maintenance and then disconnected, but I guess anything like that requires hands and time, and sounds like the industry is "optimizing" that out.
@david42 correct. I have seen remote access that’s connected and disconnected but it’s rarer all the time. It’s mostly just a normal DMZ between IT and the process environment, and those are as good as you make them.
@hacks4pancakes @david42 This kind of setup (OT and IT network separated) is supposed to be the standard in the marine space, but I have yet to find a case where there wasn't something bridging the gap. A lot of the time it's intentional (remote monitoring), but it's also not uncommon that a contractor plugged a patch lead between the switches and then forgot to remove it. All the networked gear is serviced on-site by the vendor, so rigid change control is borderline impossible.