On 6/29/07, Paul Ferguson <[EMAIL PROTECTED]> wrote:
True enough. I've a number of conversations with several people on this issue in the past few months that go something along the lines of: Me: "You'd be shocked if you knew the extent of the problem." Them: "Huh? Aren't critical systems like electrical power, etc. not connected to the Internet?" Me: "You'd think they wouldn't be, but you'd be wrong." Some astoundingly stupid business decisions may put critical infrastructure at risk?
Absolutely - and decisions often made by management and not the engineers. Some of it is for ease of use, so an electrical engineer can monitor a pump station or a power substation from his desk, "We'll just put sensors on this network - and it will have its own VLAN, that's safe." <skip a year> "We need to be able to control that pump ASAP - do what you have to do." _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
