Hackers Gain "Full Control" of Critical SCADA Systems

mask.of.sanity writes "Researchers have found holes in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. They also identified more than 150 zero day vulnerabilities of varying degrees of severity affecting the control systems and some 60,000 industrial control system devices exposed to the public internet."

Re:These systems are a product liability nightmare

Updating breaks now with near certainty. Not updating breaks later with a lower probability. Easy choice,

Sad, but true.

Re:These systems are a product liability nightmare

[dkf]

There is an old-school engineering mentality that is pervasive based on the old adage "if it ain't broke don't fix it".

The problem with that is, by putting it on the internet, they've broken it (even if the breakage hasn't hit home yet). Nobody wants to admit that they've done that, but it's their own damn fault. A good start to fixing things would be to airgap the SCADA network from the internet, and if connecting is necessary at all, to use a good double firewall with hardened DMZ machine in between. The DMZ can be locked down hard and updated carefully, and it doesn't need to ever hold systems that need careful certifying as it should never be in the control loop; just out of band monitoring.