Re: Ransomware outbreak hits Norwegian ‘computers’
"Traditionally, good practice has been to fully isolate SCADA-type systems from office LAN's as they tend to receive less frequent patching (i.e. once or twice a year managed by the vendor) and often won't have AV installed due to either vendor recommendations or conflicts with fragile applications."
This may have been the case in the past, but these days many departments within an organisation need access to data from the process control systems for their day-to-day duties. I work for a large automation supplier where the typical system architecture consists of various layers (Plant/Process Control/Operator HMI/Servers/DMZ/Business LAN) separated by firewalls. Most modern control systems (rightly or wrongly) are Windows-based these days, so there is a server that regularly rolls out Hotfixes, Windows Updates, and Virus Definitions.
A few specific examples of how the control system data is used are: Maintenance can interrogate or even re-calibrate field instruments from a workstation in the maintenance shop; Accounts can review tank inventories in real time; Process Engineers can optimise plant performance by reviewing data from the history servers; Corporate can compare production rates in real time between different plants all over the world.
Isolating a SCADA or Process Control System might seem like a good idea, but even an air-gapped system can be susceptible, e.g. as with the Stuxnet virus, which could be introduced via a USB thumb drive.