More than 100 million rely on systems rife with vulnerabilities, says EPA OIG Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency’s Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks. …
I was watching pen-testers talking about this five years ago. There’s no learning curve, I’d there?
Industry best practice is to air gap the scada system from the outside world. But this takes effort and means you need someone onsite to make changes. Most operators decide they would rather be able to make changes remotely. But if you can log into the system from your phone, that means anyone else can also log in from outside.