Researcher Publishes Industrial Complex Hack
snydeq writes "Security researcher Kevin Finisterre has published code that could be used to take control of computers used to manage industrial machinery, potentially giving hackers a back door into utility companies, water plants, and even oil and gas refineries. The code exploits a flaw in supervisory control and data acquisition software from Citect. The vendor has released a patch and risk arises only for systems connected directly to the Internet without firewall protection. Finisterre, however, sees the issue as indicative of a 'culture clash' between IT and process control engineers, who are reluctant to bring computers off-line for patching due to the potential havoc wreaked by downtime. 'A lot of the people who run these systems feel that they're not bound by the same rules as traditional IT,' Finisterre said. 'Their industry is not very familiar with hacking and hackers in general.'"
"who are reluctant to bring computers off-line for patching due to the potential"
no shit? of course they are, an industrial machine should have to come down for patching.
This is why Windows should not be used in 24/7 industrial work.
Computers need to live up to the needs of the industrial machines they serve, not the other way around.
The Kruger Dunning explains most post on