As we connect ever more equipment to networks in general and to the internet specifically. And link ever more and more controls to front ends that use commonly known and understood protocols, commands, etc.

The below links refer to problems with SCADA systems. But the same principles and ideas can be applied to other open control protocols and frameworks for which there is plentiful documentation and real equipment that can be purchased by anyone for the purposes of testing, learning, and so forth.

Wallstreet Journal article:
Electricity Grid in U.S. Penetrated By Spies

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

http://online.wsj.com/article/ SB123914805204099085.html


"Zombies ahead!" sign says something about SCADA security

http://blogs.zdnet.com/security/?p=2452


Experts hack power grid in no time
Basic social engineering and browser exploits expose electric production and distribution network

http://www.networkworld.com/news/2008/040908-rsa-hack-power-grid.html


C4-Security is an industry association which concerns itself with Scada security issues. Here is a list of some real incidences they've got on record:

http://www.c4-security.com/index-5.html


I'm guessing that there is a very good reason that one of our larger and more security conscious customers does not allow any PC that is connected to their intranet or to the Internet in general, to be also connected to their controls network.

Add your unsecure iPhone to the list.

I think it's interesting they had this sci-fi show that had this spaceship that survives because it wasn't networked.

Many people now are installing their own networks within buildings. That way they control their points of access and the building owner writes this off as an entry to their system.

It mostly comes down to access and access points. I guy infiltrating your building has to both see and access your comm to get in and start doing work. Or, that guy needs to get into a PC or embedded controller having access. I think guys and engineers requiring all the tools be bundled with the controlling device may want to rethink things a bit. If I can hack into an embedded box with it's associated work tool in it that may create a problem.

I think most guys are not even employing simple things. Passwords are all defaulted and computer updates are automatic rather than controlled and monitored.

If I can hack into an embedded box with it's associated work tool in it that may create a problem.

I can blank your admin password in a non syskey partitioned Windows box by just having physical access to it, and then it won't matter what tool you're running. But I can't do the same to an embedded box running Qnx. (http://www.qnx.com/products/neutrino_rtos/secure_kernel.html)

Digo - You are a very sharp guy... and reader. How does it do with DoS?

Well thank you sys, I know you meant that as a compliment.
Are you talking about this DoS vulnerability?
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=28331

That's from 5 years ago, so you're a little bit behind the curve on that one.
Fast forward to 2009, I've got a T-box here running QNX 6.3.2
By the next release, we'll probably move to 6.4.0, which has been certified to the stringent security requirements of the Common Criteria ISO/IEC 15408 Evaluation Assurance Level 4+ (EAL 4+).

source: http://www.qnx.com/news/pr_3361_1.html