• Godort · 24 points · 8 months ago (edited)

    There are a staggering number of SCADA systems open to the general internet, with basically no protection. They stay that way largely because adding a layer of security like a VPN connection requires a ton of red tape.

    Hopefully this forces some people to re-evaluate their stance

    • WhatAmLemmy@lemmy.world · 18 up / 1 down · 8 months ago

      All Americans should be ecstatic that hundreds of billions of their tax dollars have gone to “intelligence” agency (aka private enterprises who operate outside democracy and the rule of law) dragnet collection of humanity’s personal data, and surveillance capitalism, instead of … securing and protecting their information systems — the primary purpose for their entire existence.

    • Kit@lemmy.blahaj.zone · 7 points · 8 months ago

      SCADA systems get a ton of state oversight. Auditors would be all over this in any state that gives a damn about their security.

      • Godort · 4 points · 8 months ago

        I’m sure some of the SCADA on Shodan are honeypots, but I highly doubt all of them are.

      • prole@sh.itjust.works · 1 point · 8 months ago

        “…in any state that gives a damn about their security.”

        I think this is the important part of the comment.

    • afraid_of_zombies@lemmy.world · 2 points · 8 months ago

      It’s the lowest qualified bidder. What “qualified” means varies a lot. Qualified can mean that the machine/system literally has to carry the trademark of a certain company (yes, I have seen this spec). Qualified could mean a set of criteria so specific that no one could reasonably come close to it except one or two companies. Qualified could mean a rigid set of business criteria (must be based within x distance, must have been doing y for a set number of years) that only one company fits. Plus there is always blacklisting. Mess up enough and you aren’t getting work there for a decade. The governments are not powerless in who they hire.

      Added to this, there is usually a general contractor who outsources most of the work. They have a lot of power in who they want. Plus there are competitive specs, which are fun to write. Did your company secretly invest 6 months into making a new feature? Get the new feature added to the spec and make sure the competition loses business for a while playing catch-up.

  • afraid_of_zombies@lemmy.world · 8 points · 8 months ago (edited)

    Don’t put the DCS on the internet and you will be fine. If you absolutely must have some capability for remote viewing, just point a webcam at the screens. And have that air-gapped.

    Edit: forgot to mention the article doesn’t say the brand, but I am betting, since it is Israeli-made, that it is Unitronics. These plants tend toward brand loyalty, so if they had one Unitronics, chances are all their HMI/PLC combos were that brand. Unitronics dominates pumps and boilers. So it might have been a pumping station.
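Both Godort’s opening point (SCADA reachable from the open internet with no VPN in front of it) and afraid_of_zombies’ “don’t put the DCS on the internet” come down to one auditable question: which control-protocol listeners are bound to an address the internet can route to? The script below is an added example, not code from anyone in this thread or from any vendor. It takes a constructed inventory of listening sockets (host label, bound address, port, transport) and flags well-known ICS protocol ports that are bound either to a wildcard address or to anything outside RFC 1918, loopback and link-local space. The port-to-protocol table is standard; the hosts, addresses and the idea of an “inventory” feed are assumptions for illustration (the 203.0.113.0/24 and 198.51.100.0/24 entries are documentation ranges standing in for real public addresses, and are deliberately treated as routable here):

```python
"""Flag ICS/SCADA listeners that are reachable from the public internet.

Added example. The inventory below is constructed for this demo; in
practice you would build it from `ss -ltn`/`ss -lun` output collected on
each host, or from the firewall/NAT table in front of the OT network.
"""
import ipaddress

# Well-known ICS / building-automation protocol ports (TCP unless noted).
ICS_PORTS = {
    102:   "Siemens S7comm (ISO-TSAP)",
    502:   "Modbus/TCP",
    4840:  "OPC UA",
    20000: "DNP3",
    20256: "Unitronics PCOM",
    44818: "EtherNet/IP",
    47808: "BACnet/IP (UDP)",
}

# Address space that is NOT reachable from the internet. Everything else,
# including the documentation ranges used in the sample below, is treated
# as routable so that the demo has something to flag.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",               # IPv6 equivalents
)]

# Constructed sample inventory: (host label, bound address, port, transport).
SAMPLE_LISTENERS = [
    ("plc-pump-01", "203.0.113.14", 20256, "tcp"),   # PLC on a public IP
    ("plc-pump-01", "203.0.113.14", 80,    "tcp"),   # web UI, not an ICS port
    ("hmi-boiler",  "10.20.30.5",   502,   "tcp"),   # Modbus, but OT VLAN only
    ("rtu-well-07", "0.0.0.0",      20000, "tcp"),   # wildcard bind: every NIC
    ("eng-ws",      "127.0.0.1",    4840,  "tcp"),   # local-only OPC UA
    ("bas-ctrl",    "198.51.100.9", 47808, "udp"),   # BACnet on a public IP
]


def is_publicly_routable(addr: str) -> bool:
    """True if a socket bound to `addr` can be reached from the internet.

    A wildcard bind (0.0.0.0 or ::) counts as exposed: it listens on every
    interface, including any that carries a public address.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return True
    # `ip in net` is False when the IP versions differ, so mixing v4/v6 is safe.
    return not any(ip in net for net in NON_ROUTABLE)


def find_exposed_ics(listeners):
    """Return one finding per ICS-protocol port bound to a routable address.

    Each finding carries the host, address, port, transport and the protocol
    name, plus the remediation a reviewer would ask for: move the listener
    onto the OT VLAN (or behind a VPN) and block the port at the perimeter.
    """
    findings = []
    for host, addr, port, proto in listeners:
        if port not in ICS_PORTS or not is_publicly_routable(addr):
            continue
        findings.append({
            "host": host,
            "addr": addr,
            "port": port,
            "proto": proto,
            "protocol": ICS_PORTS[port],
            "fix": (f"bind {proto}/{port} to the OT VLAN or put it behind a "
                    f"VPN, and drop inbound {proto}/{port} at the edge"),
        })
    return findings


def summarize(listeners):
    """Count exposed ICS listeners per host (handy for a dashboard or CI gate)."""
    counts = {}
    for f in find_exposed_ics(listeners):
        counts[f["host"]] = counts.get(f["host"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in find_exposed_ics(SAMPLE_LISTENERS):
        print(f"{f['host']:12} {f['addr']:15} {f['proto']}/{f['port']:<5} "
              f"{f['protocol']:28} -> {f['fix']}")
    print("per-host exposure:", summarize(SAMPLE_LISTENERS))
```

Run stand-alone it reports three of the six sample listeners: the Unitronics PCOM port on the public-addressed PLC, the wildcard-bound DNP3 RTU, and the BACnet controller; the Modbus HMI on the 10.0.0.0/8 VLAN and the loopback OPC UA server pass. The deliberate simplification is that `NON_ROUTABLE` is a fixed allow-list rather than Python’s `ip.is_private`, which would also classify the documentation ranges as non-global and hide the demo findings; in a real audit you would keep the fixed list but feed it your own site prefixes.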