Cyber firms warn of malware that could cause power outages

[Homer J Simpson]

https://www.reuters.com/article/us-cyber-attack-utilities-idUSKBN1931EG

[Jeroen3]

I'm not surprised. I've read elsewhere this malware erases the infected unit. So at least it's not that bad.

When you search shodan.io for abb or siemens you get many hits. Right now it lists one with firmware from 2015. That's prehistorical in real years.

[lapm]

Thats because some idiot manager desided to save some money and use internet as communication channel to help control all that power infrastructure. What happens when idiots put stuff on internet? Unsecured access, bad configurations on devices, etc... Because since none knows they are there, they must be safe, right 

[Jeroen3]

No it's more complicated. Projects like energy infrastructure take long. Little less long than a an aerospace project, but still long due to them being overseen by the government.

Say, a new high voltage switching substation is commissioned today, it will use plans drafted at least 5 years ago. This also means it used PLC's and software from 5 years ago. Because getting changes certified will take a lot of eyes and "consultants", again.

This is the root cause why democratic governments are fundamentally incapable of setting up an IT infrastructure. Everything needs to first-time-right, if not, there must have been mistakes made by someone. These mistakes must be investigated, by a commision. They also see IT as a cost, and not as an investment. This means each decision needs to pass by a council or commission, who hire many consultants because they themselves lack knowledge required to fill the position. This obviously does not work.

Managers care for the company, they have hired you because they don't know. It's up to you, the engineer, to make the systems safe and secure. You should refuse to build an unsafe system. The manager either agrees, or lost an engineer.