First real-world SCADA attack in US
w3yni1 at gmail.com
Mon Nov 21 15:38:42 CST 2011
Having worked on plenty of industrial and other control systems I can
safely say security on the systems is generally very poor. The
vulnerabilities have existed for years but are just now getting attention.
This is a problem that doesn't really need a bunch of new legislation.
It's an education / resource issue. The existing methods that have been
used for years with reasonable success in the IT industry can 'fix' this
> Industrial Controls systems are normally only replaced when they are so
> old that parts can no longer be obtained. PC's started to be widely used
> as operator interfaces about the time Windows 95 came out. A lot of those
> Win95 boxes are still running and have been connected to the network over
> the years.
> And... if you can destroy a pump by turning it off and on too often then
> somebody engineered the control and drive system incorrectly. Operators
> (and processes) do stupid things all the time. As the control systems
> engineer your supposed to deal with that so that things don't go boom.
> Mark Radabaugh
> mark at amplex.net 419.837.5015
There are still industrial control machines out there running MS-DOS.
As you said not replaced until you can't get parts anymore.
More information about the NANOG