http://www.digitalbond.com/blog/2012/11/13/two-conversations-last-week/
from link above:
"Our number 1 message – if the bad guys, malware or any other attack
code gets to your ICS, he or it will be able to take down or control
your process. The PLCs and controllers lack basic security to stop any
attack. You have to secure your perimeter to the best degree possible
and prevent even legitimate external access to the ICS, because those
are attack paths.
Most executives do not understand how vulnerable their ICS are. When
you explain it to them they are shocked … wait you mean there is no
security at all??? Not even basic security like my ATM card? "
I don't think the public realizes what these things, the
Industrial Control Systems and
Programmable Logic Controllers, are or what they do.
If your not a specialist in the field, just think about these systems as Remote Controls (like the remote control for your TV) for the machines, switches, and valves used in Utilities and Industry.
Except, instead of infra red laser or radio that a TV Remote usually uses, these Remote Controls use the internet.
And when they were designed and built, no one really considered that anyone that wasn't supposed to play with the settings would even try to, so just like your TV remote control, there is no real security built into these remote controls.
So in very simple terms, what this means, is criminals/terrorist/etc can just use a specialized search engine, think like "Google" but specialized for finding these remote controls, and start messing with the channels on your "TV", turn it off, or maybe even do something like enter so many commands at once it gives the computer in the TV a heart attack and it dies from all the stress it wasn't made to handle.
But in this case the "TV" is actually the electrical substation the delivers power to your neighborhood, or to your hospital, or your kids school and a cold winter day.
Or it could be to the water treatment plant, so there is no clean water for drinking or anything else until the system is fixed, course, the minute the broken parts are fixed, the attacker could just wreck it again.
This is why a lot of security experts are making a lot of noise about this topic, they know there is a problem, and that something needs to be done about it, but it is a really BIG problem, and they need help from you to put pressure on politicians and such to improve the situation.
Attacks already happen, see this link
http://pipelineandgasjournal.com/hacking-industrial-scada-network for full story, snippet:
"It was a Trojan program inserted into SCADA system software that caused a
massive natural gas explosion along the Trans-Siberian pipeline in
1982. A newspaper reported the resulting fireball yielded “the most
monumental non-nuclear explosion and fire ever seen from space.”"
(novel) reference, that one of the problems with Cyber attacks, is that it isn't easy, or often even possible, to tell for sure who launched a cyber attack.