As always, Jeremy Pollard hit the nail on the head with his latest column ("Wolf at the Cyber Door?" September 2012). I am very concerned about many of my customers' security (or lack of it) for their control systems.
A majority of my customers are small water and sewer utilities. I have put in the SCADA systems and set up security the best I know how. However, what I find is that all their PCs are on a simple peer-to-peer networks, running out-of-date (non-updating) antivirus, and no firewalls. All drives on the network are shared. I can see file folders labeled Payroll, Budget, etc., and have full access to them. While setting up a SCADA system at one site, for three days there were two job applications lying out in full view on the desk with all personal data visible!
When I insist on user passwords, I get "1234" for the operators (no setpoint control, view only) and similar four-digit passwords for supervisors with full access.
I don't believe we have to fear terrorist organizations as much as the kid in the apartment building next door!
In all honesty, I feel they need an IT person to configure security. I am not skilled at that and cannot keep up to date on those threats and my own areas of responsibility, too. Most days, I don't feel I have enough competence for my own work!
Keep up the great work.
Jim Memmer,
CET,
JH Memmer Technical Services, www.jhmemmer.com
