nanog mailing list archives
Re: First real-world SCADA attack in US
From: Charles Mills <w3yni1 () gmail com>
Date: Mon, 21 Nov 2011 16:38:42 -0500
Having worked on plenty of industrial and other control systems I can safely say security on the systems is generally very poor. The vulnerabilities have existed for years but are just now getting attention. This is a problem that doesn't really need a bunch of new legislation. It's an education / resource issue. The existing methods that have been used for years with reasonable success in the IT industry can 'fix' this problem.
Industrial Controls systems are normally only replaced when they are so old that parts can no longer be obtained. PC's started to be widely used as operator interfaces about the time Windows 95 came out. A lot of those Win95 boxes are still running and have been connected to the network over the years. And... if you can destroy a pump by turning it off and on too often then somebody engineered the control and drive system incorrectly. Operators (and processes) do stupid things all the time. As the control systems engineer your supposed to deal with that so that things don't go boom. -- Mark Radabaugh Amplex mark () amplex net 419.837.5015 ===============================================
There are still industrial control machines out there running MS-DOS. As you said not replaced until you can't get parts anymore. Chuck
Current thread:
- Re: First real-world SCADA attack in US, (continued)
- Re: First real-world SCADA attack in US Ryan Pavely (Nov 21)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 21)
- Re: First real-world SCADA attack in US Stefan Bethke (Nov 21)
- Re: First real-world SCADA attack in US Leigh Porter (Nov 21)
- Re: First real-world SCADA attack in US Mark Radabaugh (Nov 21)
- Re: First real-world SCADA attack in US Steven Bellovin (Nov 21)
- Re: First real-world SCADA attack in US Michael Painter (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 21)
- Re: First real-world SCADA attack in US Charles Mills (Nov 21)
- Re: First real-world SCADA attack in US Mark Radabaugh (Nov 21)
- RE: First real-world SCADA attack in US Jason Gurtz (Nov 21)
- Re: First real-world SCADA attack in US Christopher Morrow (Nov 21)
- Re: First real-world SCADA attack in US Jimmy Hess (Nov 21)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 21)
- Re: First real-world SCADA attack in US Jussi Peltola (Nov 21)
- Re: First real-world SCADA attack in US Valdis . Kletnieks (Nov 21)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 22)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)