I remember once talking to an older gentleman who was responsible for some critical infrastructure networks and the gear that made them up. He did everything up shake his fist in the air and call me a whipper snapper over my mere suggestion that SCADA security should involve more than just making sure you have proper documentation of your support agreements with the hardware vendors. He then preceded to tell me what a nusicace people like me are because even things like simple port scans could bring down SCADA gear and I had no regard for the delicate nature that people like his staff have when it comes to this equipment. He then punctuated his rant with “and my equipment is not internet accessible so I am in no way worried about your so called hacker threat”.
I was flabbergasted that actually lives depended on this gentleman.
I thought of this story this morning while reading this news article.
Just because you do not think you have an internet connection doesn’t mean you are not at risk.