SCADA – and now for something new…


Almost three and a half years after I published The SCADA Scandal, and over a year after The Biggest Hole – Keeps Getting Bigger, it seems that something is finally being done.

Over the last weekend, it emerged that two researchers, using a tool no more complicated than Google Search, have found more than 500,000 SCADA devices which use little to no security and are accessible from the Internet. This deserves repeating: over 500,000, counting Internet-connected SCADA devices alone. This does not include the many millions of devices that are not directly connected to the Internet.

The state is truly grim.


From those, it appears that Mark and friends at DHS have contacted the ‘owners’ of the 7,200 systems judged the most risky or egregious in terms of potential impact to the country (US), and are working with these owners to fix the situation or remove these systems from the Internet.


So the good news is that (finally) something is being done. I wonder if we can continue to be just a step ahead of hackers and rely on luck, or whether we should have a more fundamental risk-based approach to SCADA security.