|reply to Blackbird |
Re: Kaspersky Lab To Create New OS 'To Save The World'
You are correct that ICS systems should not be connected to the Internet, But in the end most of the larger company do connect them. They also have the IT department configure them in most cases like a regular network.
I worked in this field for many years, and we had a department to do just the network design and configuire all the network hardware setting to best practices but most company's would not pay the high price for the service.
The newer controller have built in firewalls that should stop any virus from making changes to the controllers controls. But that does not stop them on the PCS (Process Control Network). So like in this last virus it could hit the Operator Stations, and the other servers even if it did not make it to the controllers. That is where the paid service above comes in, as it breaks the network into at least 4 levels, each with very high priced switches that limit which PC on the upper level can even talk to PC on each lower level and what protocols are allowed through each level. This might of stopped that last virus.