I attended a High Tech Crime Task Force meeting where we were given a tour of the high tech crime lab. One of the locations on the tour was the DNA lab. There were several DNA analyzers which are available 24/7. Effectively, the DNA analyzer is a chemical analyzer. Consequently, I asked the tour host how maintenance was performed and if remote maintenance could be performed. I was told the system could be connected to the Internet, but wasn't. This brought up a number of questions I did not get a chance to ask:
- How do you know if the system has not been connected to the Internet
- Would you know if it were connected
- What security is employed by the system
- Are there control system cyber security policies in place
- How is firmware upgraded and by whom
- ...
It is interesting how may applications use control systems that may not be apparent:
Industrial facilities, mass transit, jail doors, traffic management, aircraft controls, amusement park rides, automotive controls, building controls, DNA analyzers,....
Joe Weiss
