Im hijacking Joe's blog for a post of my own.
With a hat tip to Byres Security division of Hirschman/Belden, here's a link to a very good article by Rob Hulsebos, a recognized industrial networking expert who happens to live in The Netherlands.
http://www.tofinosecurity.com/blog/cyber-security-nightmare-netherlands
Some comments.
Rob doesn't clearly define or explain the differences between the exploits he describes using a specific manufacturer's industrial networking gear from the password theft exploits he goes on to cover.
And in the interest of full and complete disclosure, I think it is only fair to note that the host blog is owned by Byres Security, which is in turn owned by a significant European-based competitor to the unfortunate industrial networking gear vendor in Rob's article. I should make clear that I don't think the relationship has anything to do with either Rob's article or his conclusions. The reason I wanted it on the record is to diffuse any attempt by that vendor to accuse Byres Security of doing a "hatchet job on them."
Pay attention, people! Are we going to have to have somebody turn off the air, heat, lights, elevators, escalators, etc. in a large public building with concommittant havoc? Or are we going to need somebody to remotely blow up a refinery? What's it going to take before we start getting real about industrial control security issues?