Flawed Routing

I remember talking a few years ago with some people in charge of building nuclear plants, and how they went on and on about how secure their systems were due to network isolation. I kept attempting to point out that, between their new Internet connections that let them monitor core systems remotely and all of the IoT they were installing, network isolation was not sufficient. Nope, they said, network isolation is King. Guess again. Yesterday a hack was revealed that completely exposed network isolation as an insufficient mechanism for securing subsystems. Finally, somebody has proven what we have inherently known for some time. Now, this hack was a pure beatdown of network isolation using routers (and, by extension, software-defined networks), but, really, adding in IoT/IIoT/IoBT just exacerbates the situation.

Now What?

I sound like a broken record with this, I know, but to protect devices and their communications, you need to be on those devices. We need protection down at the low levels where hackers exist, and we need powerful intelligence at the point of attack. Look, SDNs and network isolation are perfectly fine for creating networks – they just need some help in terms of protecting data. That is not really their job, although many people attempt to lump security on top of these solutions. Now that network isolation has been exposed, perhaps it is time to find a better solution for security?