Reader Feedback: Get Some IT Help to Protect Your SCADA System

Oct. 4, 2012
Our Reader Addresses Their Concern for Many of Their Customers' Control System Security (or Lack of It)

As always, Jeremy Pollard hit the nail on the head with his latest column ("Wolf at the Cyber Door?" September 2012). I am very concerned about many of my customers' security (or lack of it) for their control systems.

A majority of my customers are small water and sewer utilities. I have put in the SCADA systems and set up security the best I know how. However, what I find is that all their PCs are on a simple peer-to-peer network, running out-of-date (non-updating) antivirus, and no firewalls. All drives on the network are shared. I can see file folders labeled Payroll, Budget, etc., and have full access to them. While setting up a SCADA system at one site, for three days there were two job applications lying out in full view on the desk with all personal data visible!

When I insist on user passwords, I get "1234" for the operators (no setpoint control, view only) and similar four-digit passwords for supervisors with full access.

I don't believe we have to fear terrorist organizations as much as the kid in the apartment building next door!

In all honesty, I feel they need an IT person to configure security. I am not skilled at that and cannot keep up to date on those threats and my own areas of responsibility, too. Most days, I don't feel I have enough competence for my own work!

Keep up the great work.

Jim Memmer,
CET,
JH Memmer Technical Services, www.jhmemmer.com