Wednesday, September 10, 2008

Industrial Security? We'll see

Both my readers will remember the recent post on SCADA vulnerabilities. Seems that now there's exploit code in the wild. The next few months could prove interesting indeed.

This is probably the worst situation that a security guy can be in. You know that there's a credible threat to your systems. If this system is running a power plant, refinery, or factory, someone might get hurt if something goes wrong. But a lot of managers won't want to apply the security patch.

How come? Because you almost always have to shut down the computer when you do this, which means you have to shut down the power plant, refinery, or factory. This costs money. Hey, maybe it'll all be OK, right?

Patching is hard. Downtime costs money. This is why important computers should never, ever, be on Al Gore's intarwebz thingie.

Via Slashdot. The comments are well worth reading.

No comments: