top | item 37728900

(no title)

Oh, yeah. ICS/SCADA is definitely the worst industry I've heard of as far as security is concerned.

I don't think Microsoft has anything to contribute to that, because no, I don't think Microsoft possesses the technical competence to deal with these systems. They might have more /generalized/ infosec knowledge, but snark aside, I doubt they have the resources they need to really dig into SCADA security simply for the fact that they've never really needed to. I think it'd take them years.

It'd take them years to build a power plant, though...

discuss

cesarb|2 years ago

> I don't think Microsoft has anything to contribute to that, [...] simply for the fact that they've never really needed to.

The unfortunately still very popular OPC protocol suite (except for the newer OPC-UA) runs over DCOM (making it very annoying to interface with if you're not running Windows). The hardening changes Microsoft did to DCOM, starting with Windows XP SP2 and still ongoing, directly affect the security of these systems (and also make them even more annoying to interface with if you're not running Windows).