First real-world SCADA attack in US

Ryan Pavely paradox at
Mon Nov 21 14:22:01 CST 2011

Might I suggest using if you want less spam :P

Pretty scary that folks have
  1. Their SCADA gear on public networks, not behind VPNs and firewalls.
  2. Allow their hardware vendor to keep a list of usernames / passwords.
  2b. Obviously don't change these so often.  When's the last time they 
really "called support" and refreshed the password with the hw 
vendor.... Probably when they installed the gear... Sheesh..

Perhaps the laws people suggest we need to protect ourselves should be 
added to.  If you are the operator of a network and due to complete 
insanity leave yourself wide open to attack, you are just as guilty as 
the bad guys... But then again I don't want to go to jail for leaving my 
car door open and having someone steal my car, so nix that idea.

   Ryan Pavely
    Director Research And Development
    Net Access Corporation

On 11/21/2011 2:48 PM, Leigh Porter wrote:
> I checked the SCADA boxes used in our "smart" building. They are all using
> Is that a security risk?
