>From the article, it sounds more like these were systems designed to protect the equipment, which they did. A loss of productivity due to equipment failing or being destroyed has an associated cost. If that cost, factoring in the probability of that event, is less than the cost of not having these things remotely accessible (however that is determined), then the math is pretty clear about what choice you make.
People are not good at figuring out probabilities of events like being hacked - and that's assuming somebody even thought about that as a possibility, which is not at all a given in an industrial setting. The smaller factories that have clung to life here in the Midwest, for example, basically have one 'computer guy' who knows enough to keep things going.
>Even if humans are involved, that's just another cost to factor in. People get killed in work accidents all the time.
This reads like you think that people dying is an acceptable risk to take. I'm going to leave it at that, lest I just call you a bunch of unpleasant names for an entire paragraph.
>This is the problem with "security people". Their only care in life is stopping attacks
It's as if that's my fucking job or something, eh?
>so they don't give a damn what the cost is and how it relates to the rest of the organization. We take calculated risks every single day, and if we didn't, nothing would ever get done
Sure we care. An airgapped internal network for this sort of thing would be an acceptable compromise for accessing something remotely. The public Internet is stupid to the point of gross irresponsibility.
> An airgapped internal network for this sort of thing would be an acceptable compromise for accessing something remotely.
Do you even listen to yourself? Do you understand the concept of "remote"?
>This reads like you think that people dying is an acceptable risk to take.
Yes, clearly this is a ridiculous notion. No one ever signs up for things that carry a risk of death like driving, being a soldier, or getting shot into space.