Reader Feedback: Get Some IT Help to Protect Your SCADA System

Our Reader Addresses Their Concern for Many of Their Customers' Control System Security (or Lack of It)

By Jim Memmer

Share Print Related RSS

As always, Jeremy Pollard hit the nail on the head with his latest column ("Wolf at the Cyber Door?" September 2012). I am very concerned about many of my customers' security (or lack of it) for their control systems.

A majority of my customers are small water and sewer utilities. I have put in the SCADA systems and set up security the best I know how. However, what I find is that all their PCs are on a simple peer-to-peer networks, running out-of-date (non-updating) antivirus, and no firewalls. All drives on the network are shared. I can see file folders labeled Payroll, Budget, etc., and have full access to them. While setting up a SCADA system at one site, for three days there were two job applications lying out in full view on the desk with all personal data visible!

When I insist on user passwords, I get "1234" for the operators (no setpoint control, view only) and similar four-digit passwords for supervisors with full access.

I don't believe we have to fear terrorist organizations as much as the kid in the apartment building next door!

In all honesty, I feel they need an IT person to configure security. I am not skilled at that and cannot keep up to date on those threats and my own areas of responsibility, too. Most days, I don't feel I have enough competence for my own work!

Keep up the great work.

Jim Memmer,
CET,
JH Memmer Technical Services, www.jhmemmer.com

Share Print Reprints Permissions

What are your comments?

Join the discussion today. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments