TFLYTSNBN wrote:I think that Daryl just refuted your point.
No, he didn't.
"Disconnecting critical infrastructure from the Internet" requires massive investments in purpose-built infrastructure. You can do a soft disconnect by allowing your critical infrastructure stuff only access to a limited subnet that is tunneled over existing communications infrastructure, but that opens up vulnerabilities (do you know what software is running on your backbone routers?); Even when you do invest the time and money into creating completely isolated networks, all it needs is for someone to make a small mistake (intentionally or not) and your entire system is vulnerable. For reference, see Stuxnet and its derivatives -- malware that appears to be highly targeted at disconnected systems running SCADA services.
The point is, securing your systems against a nation-state level threat is very hard to pull off. It requires more ressources than any given state usually has on hand.
I will also note that what Daryl describes is a situation that requires a constant commitment of the people using those systems to stick to procedure no matter how inconvenient it is -- and we all know how unreliable that is.
Bottom line: The only secure computer is one that sits in a bunker, at the bottom of the ocean, with no power and that has been smashed to bits.