funsec mailing list archives

Re: Bad (Insecure) Business Decisions [Was: Re: IPv6, C&C (not bot nets, coffee and cats)]


From: "Brian Loe" <knobdy () gmail com>
Date: Sat, 30 Jun 2007 02:40:32 -0500

On 6/29/07, Paul Ferguson <fergdawg () netzero net> wrote:

True enough.

I've had a number of conversations with several people on this issue
in the past few months that go something along the lines of:

Me: "You'd be shocked if you knew the extent of the problem."
Them: "Huh? Aren't critical systems like electrical power, etc.
not connected to the Internet?"
Me: "You'd think they wouldn't be, but you'd be wrong."

Some astoundingly stupid business decisions may put critical
infrastructure at risk?

Absolutely - and decisions often made by management and not the
engineers. Some of it is for ease of use, so an electrical engineer
can monitor a pump station or a power substation from his desk, "We'll
just put sensors on this network - and it will have its own VLAN,
that's safe." <skip a year> "We need to be able to control that pump
ASAP - do what you have to do."
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

