Up until about a decade ago, things were a lot simpler. The industrial control systems that manage the generation and flow of power were pretty much protected from intrusion by their closed-loop architecture. These control systems existed and operated in isolation from everything else. But increasingly, these systems have been linked to countless corporate networks for everything from real-time monitoring of electricity generation and transmission to remote meter reading and automated grid operations.Then along comes the Internet and Web front ends slapped on legacy apps, and all the riff raff come pouring in. Sounds to me like the analogy - while imperfect - mainly fits. Security expert Sami Saydjari sums it up nicely:
the rush to improve convenience and efficiency by tying together administrative systems and billing systems over the Internet has created gateways to the power grid control systems.For more, see the full article in ComputerWorld.