In a lot of industrial sites software security is a joke. Embedded systems tend to use very old, well-proven technology, which in itself isn't a problem; it fits the market well. But the side effect is that security isn't always properly considered, as it wasn't a concern when the software/hardware was developed.<p>I was involved in a project a few years ago delivering a series of monitoring systems running Windows XP to a brand new 700 million dollar oil rig. This was at the request of the client; they had software they needed that would only run on Windows XP. They had a fit when we had trouble sourcing Windows XP licenses. The expectation is that these systems will have a 20 - 30 year life.<p>It used to be that keeping everything air gapped was enough, but organizations want easier monitoring, so more systems are being networked in an ad-hoc way without a lot of thought about security.<p>I expect we are going to see more things like this happening in the future until we start taking security in the systems / embedded space more seriously. And even then there will be exploits of older systems for years afterwards, since the replacement cycle is so long.<p>I wonder what a secure embedded system even looks like when I think about it. The environment isn't suited to the kind of continuous patching that is done in the web world, but exploits will be found and dependencies will need to be updated. How do you square keeping things up to date with stringent testing requirements in systems that can kill people? Many of these systems / plants are unique; there is only one plant like it in the world, so testing becomes very hard.
Here's a Shodan search that will net you 5K+ fuel tank controls.<p><a href="https://www.shodan.io/search?query=inventory+port%3A%2210001%22" rel="nofollow">https://www.shodan.io/search?query=inventory+port%3A%2210001...</a>
I once encountered a guy who was setting up systems so that you could control a water treatment plant from your iPad at home. His attitude was, "Modbus on one side, Ethernet on the other, what could possibly go wrong?" Lots, I told him. A lot of things could go wrong.
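To make the "what could possibly go wrong" concrete: a Modbus/TCP frame is a 7-byte MBAP header (transaction id, protocol id, length, unit id) followed by the PDU (function code plus data). There is no authentication, session or integrity field anywhere in it, so whoever can reach TCP/502 on the bridge can issue write requests to the PLC. The script below is an added example, not code from this thread or from any vendor product: it builds a Write Single Register request, parses it back, and applies a read-only policy of the kind a protocol-aware filter in front of such a bridge would enforce. The register address, value and the policy itself are assumptions for illustration.

```python
import struct

# Modbus/TCP function codes (standard values from the Modbus application
# protocol specification). Everything in the "write" set changes plant state.
FC_READ_COILS = 0x01
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_COIL = 0x05
FC_WRITE_SINGLE_REGISTER = 0x06
FC_WRITE_MULTIPLE_COILS = 0x0F
FC_WRITE_MULTIPLE_REGISTERS = 0x10
FC_MASK_WRITE_REGISTER = 0x16
FC_READ_WRITE_MULTIPLE_REGISTERS = 0x17

WRITE_FUNCTION_CODES = {
    FC_WRITE_SINGLE_COIL, FC_WRITE_SINGLE_REGISTER, FC_WRITE_MULTIPLE_COILS,
    FC_WRITE_MULTIPLE_REGISTERS, FC_MASK_WRITE_REGISTER,
    FC_READ_WRITE_MULTIPLE_REGISTERS,
}

MBAP_FORMAT = ">HHHB"   # transaction id, protocol id (0), length, unit id
MBAP_LEN = 7


def _frame(transaction_id, unit_id, pdu):
    # MBAP length counts the unit id byte plus the PDU.
    return struct.pack(MBAP_FORMAT, transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_write_single_register(transaction_id, unit_id, address, value):
    # Function 0x06: address and value are both 16-bit big-endian.
    # Note there is nothing here that proves who the sender is.
    return _frame(transaction_id, unit_id,
                  struct.pack(">BHH", FC_WRITE_SINGLE_REGISTER, address, value))


def build_read_holding_registers(transaction_id, unit_id, address, quantity):
    return _frame(transaction_id, unit_id,
                  struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, address, quantity))


def parse_frame(frame):
    """Decode the MBAP header and the common request PDUs into a dict."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, uid = struct.unpack(MBAP_FORMAT, frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(frame) - 6:
        raise ValueError("MBAP length %d does not match frame" % length)
    fc = frame[MBAP_LEN]
    data = frame[MBAP_LEN + 1:]
    out = {"transaction_id": tid, "unit_id": uid, "function_code": fc}
    if fc in (FC_WRITE_SINGLE_REGISTER, FC_WRITE_SINGLE_COIL):
        addr, val = struct.unpack(">HH", data[:4])
        out.update(address=addr, value=val)
    elif fc in (FC_READ_HOLDING_REGISTERS, FC_READ_COILS):
        addr, qty = struct.unpack(">HH", data[:4])
        out.update(address=addr, quantity=qty)
    return out


def is_write_request(frame):
    return parse_frame(frame)["function_code"] in WRITE_FUNCTION_CODES


def allowed_by_policy(frame, writes_permitted=False):
    """Read-only filter: what a protocol-aware gateway should do for remote
    monitoring. Reads pass; writes pass only when explicitly permitted.
    Malformed frames are dropped rather than forwarded."""
    try:
        parsed = parse_frame(frame)
    except ValueError:
        return False
    if parsed["function_code"] in WRITE_FUNCTION_CODES:
        return writes_permitted
    return True


if __name__ == "__main__":
    # Constructed example: write 0x1234 into holding register 16 on unit 1.
    req = build_write_single_register(1, 1, 0x0010, 0x1234)
    print(req.hex())                      # 000100000006010600101234
    print(parse_frame(req))
    print("write request:", is_write_request(req))
    print("allowed (read-only policy):", allowed_by_policy(req))
    rd = build_read_holding_registers(2, 1, 0x0000, 8)
    print("read allowed:", allowed_by_policy(rd))
```

The twelve bytes printed for the write request are the whole story: nothing in them ties the command to an operator, a workstation or a session, which is why "Modbus on one side, Ethernet on the other" with no filtering or network segmentation in between is a problem, and why a read-only gateway policy is the minimum for a remote-monitoring bridge.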
Here's the direct link to the report: <a href="https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html" rel="nofollow">https://www.fireeye.com/blog/threat-research/2019/04/triton-...</a><p>Article spends too much time FUDing "plant explosions" for my taste
And this is precisely why we can never consider nuclear power to be “safe”.<p>It’s just not worth the <i>risk exposure</i>. The worst case failure modes must be expected to occur, and they must be economically and ecologically acceptable when they do.<p>The idea that “this can theoretically happen but we promise it won’t” is simply not acceptable. Versus, “this is extremely unlikely to occur because of these numerous counter-measures, <i>but when it does</i> here’s what we do and what it will cost us.”<p>If you can do the latter analysis on a nuclear plant and come away satisfied, then build, baby, build.