"About ten years ago it was highlighted that these systems have laughable security if any at all....mostly the latter."
Many decades ago, actually. Try connecting to the gear that monitors The Beam at SLAC, for example. Or the controls for the Stanford Dish. Or San Francisco's Hetch Hetchy water supply. Or rather, don't bother. You can't. Grad students wanted to hook 'em up to the 'net back in the late '70s or early '80s. The sane among us put the kibosh on their plans.
Commercial interests of today, however, are truly insane. We tugged on their capes, and were shrugged off. We tapped 'em on the shoulder & were elbowed away. We pulled on their shirts, and were thrust aside. Some even kissed their boots, and were trodden upon. Our message was always the same: "Please, PLEASE, **PLEASE!!** don't connect SCADA kit to publicly available networking systems!"
But did they listen? No. They did not. The idiots.
On the bright side, those of us with a clue are making a pretty penny in our retirement, cleaning up the resulting mess :-)
Yes, I know, I've posted this or similar before (most recently 12 days ago).
Biting the hand that feeds IT
