He he. And that is precisely why the Australian Government advice for managing secure computer systems includes this requirement:

Control: ISM-1800; Revision: 0; Updated: Sep-22; Applicability: NC, OS, P, S, TS; Essential Eight: N/A
Network devices are flashed with trusted firmware before they are used for the first time.

Also, there are a heap of supply chain controls - essentially anything from a US vendor that may have been side shipped through the CIA is treated as being untrusted (cough cough CISCO) and is inspected and re-flashed before use:

Control: ISM-1568; Revision: 7; Updated: Jun-25; Applicability: NC, OS, P, S, TS; Essential Eight: N/A
Operating systems, applications, IT equipment, OT equipment and services are procured from suppliers that have demonstrated a commitment to the security of their products and services.

Control: ISM-1882; Revision: 3; Updated: Jun-25; Applicability: NC, OS, P, S, TS; Essential Eight: N/A
Operating systems, applications, IT equipment, OT equipment and services are procured from suppliers that have demonstrated a commitment to transparency for their products and services.

Control: ISM-1632; Revision: 6; Updated: Jun-25; Applicability: NC, OS, P, S, TS; Essential Eight: N/A
Operating systems, applications, IT equipment, OT equipment and services are procured from suppliers that have a strong track record of maintaining the security of their own systems.

If anybody is bored, the entire UNCLASSIFIED Information Security Manual document is available for the public here:
https://www.cyber.gov.au/resources-business-and-government/essential-cybersecurity/ism

Full disclaimer - Day job is to help government agencies make sure they have correctly implemented all of those controls :-)

Kindest regards,

Doug Jackson

em: [email protected]
ph: 0414 986878

Follow my amateur radio adventures at vk1zdj.net

On Sat, 26 Jul 2025 at 01:10, Jon Elson via cctalk <[email protected]> wrote:

> On 7/24/25 23:09, Devin via cctalk wrote:
> > Greetings,
> >
> > Been a long while since I have posted in on here. I usually discuss my
> > pdp 11 and vax systems. I have decided to pivot my career to scada systems.
> > The company I am with has some interesting stuff that goes pretty far back.
> > Our custom in house tech is a plc pump controller with a radio connection
> > for data logging and control. Pretty cool, 8051 based, with a version of
> > basic in rom that has scada functions added. The backend servers are just
> > linux systems, although in a modular backplane for easy replacement.
> >
> > I have not read much about this tech outside of what we have in house.
> > Are there other historic scada system computers or technologies that are
> > similar, easily found on ebay for example?
> >
> > I've seen some mention of old allen bradley stuff, but not much notes on
> > how it would be used remotely in the field, as a remote
> > terminal unit.
> >
> Allen-Bradley made a bunch of SCADA gear that was used in
> power substations.
>
> I think theirs MIGHT have been the one that was responsible
> for the Y2K scare, but it might have been somebody else's unit.
>
> Also, way back, there was a case where a SCADA manufacturer
> thought some of their gear was being bought for the
> trans-Siberia pipeline, and couldn't be sold for that under
> trade restrictions. Somebody at that company got in touch
> with a contact at the CIA, and asked if they wanted to
> insert a "feature" into those units. They put in a time bomb
> that was essentially the same as the Y2K shutdown, and blew
> up the entire pipeline when all the valves slammed shut at
> the same time. This info was reported by the famous Jack
> Anderson in the Washington Post.
>
> Jon
