SecurityFocus reports today that US SCADA systems are finally getting the attention they deserve:
“Wary of the increasing number of online attacks against industrial control systems, the U.S. government has begun a major push to secure the systems used to control and monitor critical infrastructure, such as power, utility and transportation networks.”
I did some consultative/audit work with a utility company in the late 1990s and was surprised that networked systems had become so commonplace with so few controls. Fail-safes were everywhere for the critical infrastructure (most of which was heavily engineered and influenced by ideas that probably went back to the beginning of utilities themselves) so disasters seemed unlikely without some knowledge or access, but simple network devices (routers) and Microsoft software were spreading like crazy to “increase efficiency” for remote management and control systems.
To be fair, that all was before the Critical Infrastructure Project (CIP) was even started. I just checked their online files and it seems that progress is slow but steady.