
The problem is that you think it’s private but it isn’t. If an attacker wants access they’ll get access. At that point the false sense of security is a hindrance, because systems might not have been secured like they would have been on the public Internet.


Secure is not a binary term.

If sjunet is managed as a number of interconnected airgapped networks then I for sure find that more secure than an Internet-connected network. The attacker surely still has vectors in but whole classes of common attacks are mitigated.

Even if it is just "one big intranet" it is still better than one big intranet with one really good ((zero) trust me bro!) firewall to the Internet.

Various levels of zero trust principles can easily be applied within sjunet. That makes it better in my eyes.

For critical infrastructure I find this an important step. In the end security relies on us stupid humans. And it is easier to manage an airgap. It is the number of things we do afterwards to bypass it which is the problem.

The idea of an Intranet is still sound. But private does not mean secure. It is just a security layer. The next layer is if you run it fully open. Are the rooms locked? Do you require 802.11X certificates for connectivity? Are all ports open for all clients/hosts? Do you have a sensible policy for your host configuration? Have you segmented the network even further? Etc. Etc.

So your point is still valid for sure! You should secure it like on the public Internet aka a hostile environment. That is the important takeaway.

My point is that it should not be used as an argument against a private network. For large critical infrastructure such as hospitals it makes good sense. It is an added layer for the attacker to overcome - it is not security theater. For some the hassle might not be worth the while but that is then the trade-off as with all forms of security.

It ain't binary but discussions often end up like that. Done right it can be additive. Done wrong it just adds pain and agony.

We all dread the security theatre. I boldly claim this ain't it.


Who says they're not securing anything apart from being air-gapped from the internet?


Sjunet is not air-gapped though. Clients can connect via VPN over the internet.


It's not necessarily air-gapped. There are many ways to accidentally or deliberately patch the intranet and internet together.


Maybe knowing there are many institutions on the network is a good motivation to keep services secure. It's apparent any hospital or vendor may be breached. So if you overcome the false sense of security, the separate network will give you another layer of defense.


It's not only about security but also availability. If the regular Internet goes down for some reason, the private network (is meant to) keep operating.


So they actually have multiple physical sets of cables?


Yes, I think so. There's not much public information, perhaps on purpose.


> might not have been secured like they would have been on the public Internet

Yes, because we all know how secure the things on the public Internet are. /s

Nobody's saying that a private network doesn't have to be properly secured, you're fighting a strawman argument.



