On 11/21/11 4:38 PM, Charles Mills wrote:
Having worked on plenty of industrial and other control systems I can
safely say security on the systems is generally very poor. The
vulnerabilities have existed for years but are just now getting
attention. This is a problem that doesn't really need a bunch of
new legislation. It's an education / resource issue. The existing
methods that have been used for years with reasonable success in the
IT industry can 'fix' this problem.
Industrial Controls systems are normally only replaced when they
are so old that parts can no longer be obtained. PC's started to
be widely used as operator interfaces about the time Windows 95
came out. A lot of those Win95 boxes are still running and have
been connected to the network over the years.
And... if you can destroy a pump by turning it off and on too
often then somebody engineered the control and drive system
incorrectly. Operators (and processes) do stupid things all the
time. As the control systems engineer your supposed to deal with
that so that things don't go boom.
--
Mark Radabaugh
Amplex
m...@amplex.net <mailto:m...@amplex.net> 419.837.5015
<tel:419.837.5015>
===============================================
There are still industrial control machines out there running MS-DOS.
As you said not replaced until you can't get parts anymore.
Chuck
Oh yeah.... just not too many of those MS-DOS machines have TCP stacks :-)
I still get calls to work on machines I designed in 1999. It's a real
pain finding a computer that can run the programming software. A lot
of the software was written for 386 or slower machines and used timing
loops to control the RS-232 ports. Modern processors really screw that
software up.
--
Mark Radabaugh
Amplex
m...@amplex.net 419.837.5015
