Adama's Rule

Adama's Rule is a design principle for computer systems that, given the increasing prevalence of computers in traditionally non-computerized products, needs significant attention.

It can be stated thus:

Do not network anything that can kill you.

The name derives from the 'Battlestar Galactica' reboot, where the Cylons (malicious robotic attackers) are able to defeat most of the titular Battlestars by suborning their networks, to which the Battlestars' weapons systems are attached. The Galactica, being too old for ship-wide networks, is immune to this attack vector, and manages to survive this initial attack.

There are many systems in place that are capable of killing people if they are made to operate outside of set parameters. Trivially, you could consider pacemakers to be one of these - if the pacemaker malfunctions, it can cease to be therapeutic and could potentially become quite harmful.

However, given the increasing penetration of networked systems into all areas of industry, there are other systems that have significantly more impact - and could potentially cause significant harm to many more people. Industrial control systems may fall under this category in some cases - for instance, dam controls: if the controls for a dam are compromised (and control panels for dams have been found reachable from the internet already!) then a moderately intelligent attacker could conceivably set the controls in such a manner that failure of the dam itself becomes a possibility.

One need only look up past examples of dam failures to see how that could quickly harm many people.

Other control systems could also be made harmful more subtly - refrigeration, for instance, could be compromised such that food in storage is allowed to rise to unsafe temperatures that breed bacteria, potentially resulting in significant illness. Gas pipelines could be induced into unsafe configurations resulting in leaks or explosions. Oil pipelines could be coerced into spilling their contents.

Adama's Rule recommends isolation from networks for any such systems - or, at the very least, isolation from the public internet. While this does result in significant additional expense, it does significantly improve the safety of such systems if internet-based remote access is prevented.

If an attacker cannot get a route to the system due to a lack of connection between the attacker's network and the target network, then it is much harder (though not impossible - see, for instance, Stuxnet and the Iranian centrifuges) to attack it.
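One way to check the "no route" condition the paragraphs above describe is to audit a safety-critical zone's allow rules for any peer outside the private address ranges. The following is an added example, not code from the original page; the rule format, the zone address and the sample rules are constructed for illustration.

```python
"""Audit a safety-critical zone's allow rules for paths to the public internet.

Added example (not from the original page). A rule is a dict with
'name', 'action' ('allow' or 'deny'), 'src' and 'dst' (IPv4 CIDRs).
The rule list is assumed to end in an implicit default deny, so only
'allow' rules can create a route between the zone and the outside.
"""
import ipaddress

# RFC 1918 ranges; anything outside them is treated as potentially public.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(net):
    """True if the whole network lies inside one of the private ranges."""
    return any(net.subnet_of(p) for p in PRIVATE)


def audit_zone(rules, zone):
    """Return (rule name, direction, peer) for every allow rule that could
    connect `zone` to a non-private address, in either direction."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src = ipaddress.ip_network(r["src"])
        dst = ipaddress.ip_network(r["dst"])
        if src.overlaps(zone) and not is_private(dst):
            findings.append((r["name"], "outbound", str(dst)))
        if dst.overlaps(zone) and not is_private(src):
            findings.append((r["name"], "inbound", str(src)))
    return findings


# Constructed sample: a control-system zone and four rules.
ZONE = ipaddress.ip_network("10.10.50.0/24")
CONSTRUCTED_RULES = [
    {"name": "historian-pull", "action": "allow",
     "src": "10.10.50.0/24", "dst": "10.10.20.5/32"},
    {"name": "vendor-remote", "action": "allow",       # internet -> zone
     "src": "0.0.0.0/0", "dst": "10.10.50.10/32"},
    {"name": "cloud-telemetry", "action": "allow",     # zone -> internet
     "src": "10.10.50.0/24", "dst": "0.0.0.0/0"},
    {"name": "block-all", "action": "deny",
     "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for name, direction, peer in audit_zone(CONSTRUCTED_RULES, ZONE):
        print(f"{name}: {direction} path to {peer}")
```

The check is deliberately coarse: a private-range peer can itself be internet-connected, so a clean result means only that no rule names a public address directly, not that the zone is isolated.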

When lives are potentially at stake, consider Adama's Rule as a guiding principle.