First real-world SCADA attack in US

Charles Mills w3yni1 at gmail.com
Mon Nov 21 21:38:42 UTC 2011


Having worked on plenty of industrial and other control systems I can
safely say security on the systems is generally very poor.   The
vulnerabilities have existed for years but are just now getting attention.
   This is a problem that doesn't really need a bunch of new legislation.
It's an education / resource issue.   The existing methods that have been
used for years with reasonable success in the IT industry can 'fix' this
problem.

>
> Industrial Controls systems are normally only replaced when they are so
> old that parts can no longer be obtained.   PC's started to be widely used
> as operator interfaces about the time Windows 95 came out.   A lot of those
> Win95 boxes are still running and have been connected to the network over
> the years.
>
> And... if you can destroy a pump by turning it off and on too often then
> somebody engineered the control and drive system incorrectly.  Operators
> (and processes) do stupid things all the time.  As the control systems
> engineer your supposed to deal with that so that things don't go boom.
>
>
>
> --
> Mark Radabaugh
> Amplex
>
> mark at amplex.net  419.837.5015
>
> ===============================================
>
There are still industrial control machines out there running MS-DOS.

As you said not replaced until you can't get parts anymore.
Chuck



More information about the NANOG mailing list