[ale] OT, mostly - remote access w/o internet

Thompson Freeman tfreeman at intel.digichem.net
Mon Mar 15 09:19:33 EDT 2010


On 03/15/2010 12:04:08 AM, Neal Rhodes wrote:
> I'm pondering on this for a friend. (really!) He supports control
> systems for power plants.
> 
> Power companies are adamant that their control systems will NEVER touch
> the internet. I'm not sure I disagree with them; but it don't matter.

I am _sure_. I don't want ever to hear that some random  
individual can tap into the control functions of a nuke.  
And the ability to glitch a traditional steam plant would  
potentially be outrageously expensive also. As well as  
having the potential to risk life.

> 
> So, whenever said friend gets a call from said power plant, if he can't
> resolve it over the phone, he gets in the car and drives. Hundreds of
> miles.
> 
> Ergo, accepting that the power company won't ever change, I'm thinking
> what kind of remote access could be configured that would meet their
> most rigorous requirements:
> 
> A. No in-bound access.
> B. Initiate FROM the power plant TO the support vendor. Shutdown when
> problem resolved.
> C. Allowing many power plants to access a single vendor number, although
> not all at the same time.
> D. Effectively impossible to intercept.
> E. Insignificant monthly costs.
> 
> I'm coming up with the vendor hanging a 56K dialup modem on a Linux box,
> supporting an inbound PPP call from the vendor with a 56K modem. Dog
> slow, but I remember the days when we thought that was wicked fast and
> it's still waaaaay faster than driving to Pensacola and back.
> Essentially impossible to eavesdrop or intercept, and it's really easy
> to verify the modem is switched off when the vendor is done. Of
> course, that requires a "real" phone line to work.
> 

Can the power plant verify that the box isn't networked?  
And verify that in real time?

I would suspect that securing things at this point would be  
the big issue. Establishing the outbound link isn't that  
hard. Establishing that the outbound link isn't  
compromised, and can not be compromised, is hard.

> What else? I was thinking a bonded ISDN line. Those support dialup to
> another ISDN, and would get them up to 128KB. (whoohoo) Also
> essentially not possible to intercept and the same degree of isolation,
> but the power company might not "trust" that it's truly dormant when
> offline.
> 
> What else? They could technically go with leased lines, but client
> fear of that might be impossible to overcome. You could talk yourself
> blue about running a VPN over the leased line, but they'll plug their
> ears and run.
> 
> Somehow initiating a new project with 56K modems sounds like dinosaurs
> mating in the snow, but I'm not seeing really swell alternatives.
> 
I like the image of dinosaurs mating in the snow. Thanks.

I suspect that the weakest link in this plan so far is not  
the physical layer. Rather, ensuring to the level of a  
hostile lawyer that the end point of the link is secured,  
and will stay secured. Once that is accomplished, let them  
thar dinosaurs mate like mad!

YMMV, IANAL, and all other weasel concepts apply with a  
vengeance at this point.
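
One way to approach the "can the power plant verify that the box isn't networked" question raised above, as an added example that is not part of the original post: a small audit that flags any addressed interface other than loopback and the modem link, and flags IP forwarding. The interface name `ppp0`, the function name `audit_endpoint` and the sample inputs are assumptions made for illustration.

```python
# Added example: audit a dial-up support box for network paths besides the modem link.
ALLOWED_IFACES = {"lo", "ppp0"}  # assumption: the PPP session comes up as ppp0

def audit_endpoint(ip_addr_output, ip_forward, allowed=ALLOWED_IFACES):
    """Return findings as tuples; an empty list means no extra network path was seen.

    ip_addr_output: text of `ip -o addr show`
    ip_forward:     contents of /proc/sys/net/ipv4/ip_forward
    """
    findings = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        # One-line format: "<idx>: <iface> inet|inet6 <addr> ..."
        if len(fields) < 4 or fields[2] not in ("inet", "inet6"):
            continue
        iface, addr = fields[1], fields[3]
        if iface not in allowed:
            # Any address on another interface is a second path off the box.
            findings.append(("extra-interface", iface, addr))
    if ip_forward.strip() != "0":
        # Forwarding on would let the box route between the modem link and elsewhere.
        findings.append(("ip-forwarding", "ipv4", ip_forward.strip()))
    return findings

# Constructed sample input (not captured from a real system).
SAMPLE_ISOLATED = """\
1: lo    inet 127.0.0.1/8 scope host lo
4: ppp0    inet 192.168.100.2 peer 192.168.100.1/32 scope global ppp0
"""
SAMPLE_DUAL_HOMED = SAMPLE_ISOLATED + """\
2: eth0    inet 10.20.30.40/24 brd 10.20.30.255 scope global eth0
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""

if __name__ == "__main__":
    for name, addrs, fwd in (("isolated", SAMPLE_ISOLATED, "0\n"),
                             ("dual-homed", SAMPLE_DUAL_HOMED, "1\n")):
        result = audit_endpoint(addrs, fwd)
        print(name, "OK" if not result else result)
```

A check like this only reports what the box says about itself, so it supports the verification question rather than settling it.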


