Not a chance

Routers get shipped en mass pre-configured with standard corporate (known by many, easily cracked) passwords. Rarely are they changed.

SCADA isn't designed for ANY network attachment. Any security on it is an afterthought, and rarely works. The vast majority of our electrical infrastructure, chemical plants, manufacturing plants, etc, are run from off the shelf SCADA components which are not intended to be connected to the back-office network.

And they always connect it so the engineers can work remotely and the back-office people can get ongoing automated reports. Which in turn allows malware to attack them, and the malware is SIMPLE.

You work in the office. You hear all the good things that the managers are reporting. I work in the tranches. I see what they are not.

Your daily lookers are too busy fighting fires, and they don't have access to the proprietary underlying SCADA code to fix it anyway. They try to sandbox it via routers and firewalls, but it is piecemeal, and doesn't work.

Post #346,201 by crazy 8/15/11 1:43:23 PM Reply	Not a chance Routers get shipped en mass pre-configured with standard corporate (known by many, easily cracked) passwords. Rarely are they changed. SCADA isn't designed for ANY network attachment. Any security on it is an afterthought, and rarely works. The vast majority of our electrical infrastructure, chemical plants, manufacturing plants, etc, are run from off the shelf SCADA components which are not intended to be connected to the back-office network. And they always connect it so the engineers can work remotely and the back-office people can get ongoing automated reports. Which in turn allows malware to attack them, and the malware is SIMPLE. You work in the office. You hear all the good things that the managers are reporting. I work in the tranches. I see what they are not. Your daily lookers are too busy fighting fires, and they don't have access to the proprietary underlying SCADA code to fix it anyway. They try to sandbox it via routers and firewalls, but it is piecemeal, and doesn't work.
Post #346,204 by beepster 8/15/11 2:10:18 PM Reply	Actually In general, I would agree..what I'm referencing is not in general. No more can be said here. Not talking to the managers. Talking to the engineers. Sure, understanding today's complex world of the future is a little like having bees live in your head. But...there they are.
Post #346,231 by crazy 8/15/11 10:17:58 PM Reply	Hey, maybe you've seen a decent implementation But you know the vast open sea of SCADA installed base, just waiting to be hacked, isn't going away.
Post #346,244 by beepster 8/16/11 7:02:53 AM Reply	Yes I have, and yes I know.. ...and hopefully they will go away...need to keep busy;-) Sure, understanding today's complex world of the future is a little like having bees live in your head. But...there they are.

Welcome to IWETHEY!