back to article Kaspersky says air-gap industrial systems: why not baby monitors, too?

I wasn't at AusCERT this year, but watching the Tweet-stream and chatting to fellow Vulture Darren Pauli kept me clued-in, and I was interested to hear that Eugene Kaspersky thinks air-gaps are a good way to protect SCADA systems. Because you won't convince the industrial sector to reverse the cost savings it got from …

  1. Anonymous Coward
    Anonymous Coward

    A voice of reason -- and intelligence

    Kaspersky isn't just a really smart guy, he's practical. Given how badly most private and public entities, not to mention individuals, have compromised the security of their own systems, you don't need to be a rocket scientist to figure out that integrating them even more transparently with the cloud as IoT proponents want, is insane. All the suggestions Kaspersky made should be common sense, but in a world where good sense (as opposed to non-sense) is not common, they bear repeating over and over again until the heads of the idiocracy's citizens begin to hurt.

    1. Anonymous Coward
      Anonymous Coward

      Re: A voice of reason -- and intelligence

      I've had the pleasure of spending two hours chatting to him, and to me, this man is as genuine as they get. He was the first one to tell governments that spyware is spyware, whatever its origin.

      I deeply respect him for sticking to the script.

  2. MacroRodent

    Baby monitors?!

    Are there really internet-connected baby monitors? It seems to me a prime example of an item where internet is a bad idea anyway, simply because if you go further from the baby than the range of normal wireless, you are too far already.

    1. Buzzword

      Re: Baby monitors?!

      Yes they exist - some people like to watch their baby while they're at work.

      What's the worst-case scenario? Let's imagine somebody wants to kidnap your baby, so they'd like to hack into your baby monitor to find out when the parents aren't in the room. (Let's assume it's a hot country and baby's window is wide open.) If the kidnapper is outside your house waiting for the parents to leave the bedroom, it's just as easy to sniff a DECT wireless baby monitor as to hack a wifi-connected one. Maybe even easier.

      Of course, all this is ridiculously hypothetical. Your security flaw is leaving the window wide open, not leaving your baby monitor's firmware unpatched. Most babies are stolen from public places: hospitals and nurseries in the main, but also e.g. snatched from the back seat of the car while mum goes into the petrol station to pay. Let's stop pretending that cybersecurity matters for baby monitors.

      1. MacroRodent

        Re: Baby monitors?!

        Your use case sounds more like a general webcam. For me. a baby monitor was a voice-activated radio that alerted me when the sleeping baby was waking up. Range beyond 30m or so is pointless (in fact possibly harmful), one has to be near enough to respond. The main security threat would be a denial of service that disables the alerting, since for obvious reasons there would not be much to eavesdrop on in the room the baby is sleeping in.

        In this case, I don't see any benefits in internet connection, but there are downsides in the form of decreased reliability.

        1. jonathanb Silver badge

          Re: Baby monitors?!

          If you are within 30 meters of your baby, then don't you have a pair perfectly functional baby monitors attached to either side of your head?

          1. MacroRodent

            Re: Baby monitors?!

            If you are within 30 meters of your baby, then don't you have a pair perfectly functional baby monitors attached to either side of your head?

            They are not enough.The point is getting to attend to the baby when he wakes up but before he starts crying at full blast.

            1. Mpeler
              Black Helicopters

              Re: Baby monitors?!

              Not forgetting, of course, that baby monitors also pick up other voices and activity nearby...

              Sort of a backup for the spooks when the phone tap doesn't work...

            2. Matt Piechota

              Re: Baby monitors?!

              They are not enough.The point is getting to attend to the baby when he wakes up but before he starts crying at full blast.

              It's amusing seeing the replies by people who obviously don't have children. The quoted is someone who has a kid, and knows the value of not waiting until your formerly sleeping baby is screaming at 2am so go comfort them. Also: if you have a audio path to the baby that you can hear him crying, the baby can hear what you're doing and be woken up by it.

              I have an internet-connected baby monitor which I received as a gift. I probably wouldn't have gotten the internet model myself, but it works, it's cheap (~$50 US) and makes life a lot easier. I've only watched it remotely once to see if it worked, however, if I'm not in my own wifi bubble there's no point.

      2. Anonymous Coward
        Anonymous Coward

        Re: Baby monitors?!

        "Yes they exist - some people like to watch their baby while they're at work."

        Exactly - that's what I do. Set the kid up with a hamster dribbler full of formula, go off to work, and I can keep an eye on her every so often in my busy day, watching her sleep, cry incessantly, etc.

        Then I just have to change nappies when I get home after dinner.

    2. Cuddles

      Re: Baby monitors?!

      The benefit is that instead of needing a pair (or more) of matched, dedicated monitors, you can have a single monitor that streams to any network-capable device such as laptop, phone, etc.. Sure, it's only a small convenience, but it's one with no drawbacks (oh no, someone might be able to listen to a sleeping baby!) so why not? Even just having one less device to remember to keep charged is a benefit. While I don't have babies myself, friends and family who do are generally grateful for any convenience they can get, no matter how small.

      Hooking up video and watching things from work is, I agree, completely unnecessary and really not the point of baby monitors in the first place, which are basically supposed to just let you leave the baby sleeping upstairs while still being able to know if it wakes up. But just because some people do stupid and/or pointless things with the technology doesn't mean the technology itself is inherently bad.

    3. Yugguy

      Re: Baby monitors?!

      Yes. And it's fcking ludicrous.

  3. Anonymous Coward
    Anonymous Coward

    I agree on SCADA, but ..

    .. that *should* actually have been good practice from the start. I've involved in a SCADA cleaning up effort where when we started I could talk to Nord Sea plant control systems from my desk, which was a shocking way of going about handling things that can say "boom".

    Mind you, it's not all that bad. To reduce the drama in the above statement, ESD (emergency shutdown systems) already work in isolation so it's not going to go "boom" that easily. Somehow ESDs thankfully escaped any attempt at "modernisation", unlike SCADA platforms themselves which moved from Unix to Windows, mainly for cost reasons (Unix was becoming too expensive at the time, this was in the days of Windows NT 3.5).

    1. Message From A Self-Destructing Turnip

      Re: I agree on SCADA, but ..

      You illustrate an important point. It seems that many people don't know or forget SCADA is a mnemonic for Supervisory Control And Data Acquisition. The key word is Supervisory, in a correctly designed control system SCADA is only used to control the day to day process operations (start mixer no.1, empty tank 4....etc), all critical protection control needed to stop things going boom should be complety independent from the SCADA system. This makes it possible to cause disruption by hacking SCADA, but not to cause damage to plant. (In theory...)

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Re: I agree on SCADA, but ..

      Depends on the age of your ESD system. If its an old hard-wired one, then you are fine.

      PLC comunicating with Modbus over serial, then you have a few potential problems of stuffing values down it and making something go out of range. With a Modicon, please correct me if I'm wrong, I think you could send to any modbus address with whatever value you wanted. Know where the valves in address space and everything is opened wide.

      PLC linked via Ethernet and you have a machine capable of reprogramming the ESD system.

  4. The Vociferous Time Waster

    It is not for the user to do

    part of the process of selling to the great uneducated is to dumb down the tech to the level where they can take it out of the box, plug it in and use it - if you don't make it secure for the idiots you shouldn't be selling it to the idiots

    1. Anonymous Coward
      Anonymous Coward

      Re: It is not for the user to do

      The problem with that is that there are no incentives to do a righteous job of securing the device so the idiot doesn't have to know how to do that. You have a perverse incentive where doing that righteous job costs more which is reflected in your sales as most customers when buying electronics buy by price. Far better to build a device which does the job just well enough to result in a sale so you can compete with your competitors on who has the cheaper engineering department. [What you flat don't outsource.]

    2. Doctor Syntax Silver badge

      Re: It is not for the user to do

      True, but if you secured it in the first place you wouldn't be able to see what the idiots are doing.

    3. Turtle

      @The Vociferous Time Waster

      "if you don't make it secure for the idiots you shouldn't be selling it to the idiots"

      But they're such a vast and lucrative market...

  5. jake Silver badge

    Duh.

    All my SCADA (including baby monitors[0]) have been air-gapped since the year dot. TehIntraWebTubes ain't exactly secure. Never has been, never will be[1].

    [0] Who in their right mind would allow supervisory control and data acquisition to be accessible to all and sundry, given that most idiots who allow it are using Redmond & Cupertino systems? Especially when infants are involved?

    [1] TehIntraWebTubes was built as a research network, to research networking. It was designed to share data, not to suppress it. Consider that in you next !GooMyFaceYouTwit post.

  6. Planetary Paul
    Happy

    Connection nagging

    > Try turning off data access on your smartphone, for example: it will probably complain incessantly that it can't connect to Google or Apple.

    I have never seen that on my iPhones. Only during initialisation procedures and specific things like updating or upgrading. Otherwise no nagging.

    1. malfeasance

      Re: Connection nagging

      Happens all the time. I have "mobile data" turned off for all non-essential apps on my iPhone (it's enabled for the web-browser, mail and probably the Maps app).

      So, if I'm not connected to WIFI then often this kind of thing happens :

      1) Start the music app (the built in apple one; nothing fancy).

      2) A big notification that you have to OK / CANCEL : Mobile data is not enabled for this application (you can't use the app until you dismiss the notification)

      3) Spot of name calling as to why a fucking music app needs access to the intertubes (yes I know it's to encourage me to buy tunes from the store; who in their right mind would do that over 3G ???).

      1. Anonymous Coward
        Anonymous Coward

        Re: Connection nagging

        So blame the developer of the music app and tell they if they don't correct this you'll find a different app. Apple may be able to ban a calculator app from trying to access your contact list, but a music app needing internet access (not only for iTunes, but maybe also to download cover art, lyrics, other tunes by this band, etc.) is reasonable. Be glad you have the ability to disable mobile data on a per app basis, since there are some apps where you obviously want this (maps) even if you want to limit your mobile data usage as much as possible.

        The main reason your music app's developer cares is probably because it can't download any ads, so they're hoping by nagging you you'll enable it so they can make some money. That's the hazard of "free" apps...

        1. Fred Flintstone Gold badge

          Re: Connection nagging

          So blame the developer of the music app and tell they if they don't correct this you'll find a different app

          Umm, no, this is actually an iOS message. It's a shorter form of "as we get a share of revenue, it is our duty to remind you that you have disabled the last vestige of overcharging mobile vendors have when you're abroad". That message would just be too long to put on a screen, hence the shorter form. :)

          I like iOS in general, but that doesn't mean it's perfect. This is a good example of one of those nuisances you have to put up with when travelling.

          1. Anonymous Coward
            Anonymous Coward

            Re: Connection nagging

            Apple doesn't get a share of data revenue. I think they had some sort of arrangement with AT&T and a few early exclusive carriers where they got a share of the monthly fees, but those are long gone.

            The message comes up if the app doesn't check before it tries to access the net. iOS lets you know why it doesn't work. If you had mobile data disabled for Facebook, you'd want to know why it wasn't loading anything if you forgot you had that disabled or thought you were connected via wifi but weren't.

            1. Anonymous Coward
              Anonymous Coward

              Re: Connection nagging

              The message comes up if the app doesn't check before it tries to access the net. iOS lets you know why it doesn't work.

              I would really appreciate it if they allowed me to switch off this babysitting mode. WiFi disabling doesn't happen by accident, *I* am doing that, and I'm not that old yet that I (a) start to forget things and (b) cannot work out for myself what may be happening. It's exceptionally irritating as messages go because they use a modal format, which means you don't just get pointless "duh" level nagging, you have to acknowledge it as well. One of the fun places where you *really* don't want that to happen is in the car, but that's exactly what you get when you use a GPS app and you have decided not to sponsor the local data roaming rip off.

              To me, this is about as informative as a popup that tells me that the phone may make sounds after I set the alarm.

              I like iOS but that doesn't mean I'm blind to its flaws. I hate nagging equipment with a passion (or more accurately, the kind of people that design this pointless nagging into kit, like the idea that a washing machine should keep on bleeping after finishing, even when it was started on timer and it is thus likely 5AM or so). Grr.

            2. Anonymous Coward
              Anonymous Coward

              Re: Connection nagging

              "The message comes up if the app doesn't check before it tries to access the net. iOS lets you know why it doesn't work. If you had mobile data disabled for Facebook, you'd want to know why it wasn't loading anything if you forgot you had that disabled or thought you were connected via wifi but weren't."

              Thing is, as the original commenter noted, this is the basic Music App provided by Apple itself, which sounds to me like a case of the left hand not knowing what the right hand is doing. Also, why should a baseline music app (which should be focusing on playing the music inside the device) go bonkers over the lack of a data connection?

  7. Captain Scarlet Silver badge
    Paris Hilton

    Patch the broadband router regularly;

    Brilliant advise because every manufacturer rushes out regular patches!

  8. Turtle

    Not Quite An Air-Gap...

    Here's what I used to do when I ran multiple networked computers: while all but one of the machines used TCP/IP, the most important machine - which I needed to have on the network but which I also wanted to isolate / insulate from the internet - was reachable only via NetBEUI which was also installed on all the other computers - and which is, as far as I know, non-routable. (To the limits of my knowledge about network protocols, non-routable NetBEUI was not accessible via the internet, so I considered this a very effective means of protecting that computer.)

    I don't know what NetBEUI's disadvantages would be for other situations in comparison to TCP/IP but for me, there were no disadvantages at all.

  9. SeattleSubllime
    Holmes

    TCP/IP is the problem

    HIP or The Host Identity Protocol fixes this. I know several companies that are building "virtual air gaps" using HIPswitches. Boeing has been doing this for 10 years. Google Tempered Networks. Will work for SCADA but its too expensive for Baby monitors :)

    1. Destroy All Monsters Silver badge

      Re: TCP/IP is the problem

      If it is this one, it will surprise you that it is based on TCP/IP among others.

      Sounds like a standard identification method, like, you know, exchange of certificates in SSL...

      See also RFC6538

      The Host Identity Protocol architecture introduces a new namespace, the "host identity" namespace, to the Internet architecture. The express purpose of this new namespace is to allow for the decoupling of identifiers (host identities) and locators (IP addresses) at the internetworking layer of the architecture. The contributors to HIP have expected that HIP will enable alternative solutions for several of the Internet's challenging technical problems, including potentially host mobility, host multihoming, site multihoming, IPv6 transition, NAT traversal, and network-level security. Although there have been many architectural proposals to decouple identifiers and locators over the past 20 years, HIP is one of the most actively developed proposals in this area [book.gurtov].

      The Host Identity Protocol itself provides a rapid exchange of host identities (public keys) between hosts and uses a Diffie-Hellman key exchange that is compliant with Sigma ("SIGn-and-MAc") to establish shared secrets between such endpoints [RFC5201]. The protocol is designed to be resistant to Denial-of-Service (DoS) and Man-in-the-Middle (MitM) attacks, and when used together with another suitable security protocol, such as Encapsulated Security Payload (ESP) [RFC4303], it provides encryption and/or authentication protection for upper-layer protocols such as TCP and UDP, while enabling continuity of communications across network-layer address changes.

  10. Anonymous Coward
    Anonymous Coward

    Why not different CRCs?

    Different types of networks could use different CRCs. Then protocol units would only propagate across interfaces that deliberately bridge from one to the next and not because some routing protocol used a link installed by mistake.

  11. Mark 85

    I like this....

    Air-gap the IoS thingies.... right up until the devices don't work unless they're connected. So those of us who like the air-gapping will be sitting in the dark, unable to unlock the front door, turn on the heat (or air conditioning), use the refrigerator or stove, etc., etc... I hope it never gets this bad but given the nature of greed and corporations....

  12. John H Woods Silver badge

    Air Gap insufficient

    It's really not going to be that long before some consumer devices hop directly onto 3/4G data services. Securing your router is not going to help you much here.

    1. Mage Silver badge
      Devil

      Re: Air Gap insufficient

      There are ones that do already.

      As we as Smart phones and some tablets.

      At least on Kindle, most phones and tablets you can turn off 3G data access and WiFi access.

    2. jake Silver badge

      @ John H Woods (was: Re: Air Gap insufficient)

      You don't actually understand the concept of "air gap", do you?

      1. Anonymous Coward
        Anonymous Coward

        Re: @ John H Woods (was: Air Gap insufficient)

        We do. Thing is, how do you air gap an object that can find its own connection over the air without user intervention or interruption? Soon, ALL devices may be like this, making "going without" a non-option.

  13. richalt2

    VPN looks like a good path

    I am using vpn. all devices in home behind the firewall, not configured for incoming access. Add an in-home vpn server, ideally in the router. then remote access by vpn client only.

    Make this easy to do!

    1. jonathanb Silver badge

      Re: VPN looks like a good path

      Most people are behind a NAT router with no access from outside, and have a dynamic IP address, so no easy way to get direct access anyway. These sorts of devices tend to phone home to their manufacturer's server, and you can connect to that from outside and get access to the device.

  14. James Cane

    It's all very well

    Until some smart Russian releases cracked nitrogen, then your air gap strategy doesn't look so smart. Vacuum gaps are the real answer.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's all very well

      No, they'll figure out a way to exploit light, which can transmit in a vacuum, and sound which can transmit well through solid objects like an opaque wall.

  15. DanielR

    I believe the issue with the baby monitors is that crappy home routers are designed to open upnp ports which is exactly what was happening. Turn that shit off and don't use crappy routers.

    This is the problem. Most people are supplied crappy routers trying to promote AC wireless as something that will improve their internet speed on their crappy copper when in reality their machine probably can't even work on AC. People don't upgrade their firmwares and neither do the ISP. It's their job to maintain them I reckon unless it's BYO.

    I use a wifi passport generator and then to get that onto devices I use QR code readers. Getting the password onto the PS4 is still stupid though ! Turn mac address filtering on too.

  16. NozeDive
    Big Brother

    Airgap: Impossible

    One of the last paragraphs of the article caused one of those little light bulbs to switch on in my mind:

    "It's easy to do, after all: when you buy the gadget, whatever it might be, you need only ignore its demands that you configure it to access your WiFi network."

    What about when the IoT is all about devices with their own built in 4G/LTE modems with its own IPv6 address? This is what worries me. I fear that there will come a day where all my appliances will be able to dial home irrespective of my WiFi set-up or outbound firewall rules. Personally, I may decide "To hell with the warranty" and open the device and remove or destroy the transceiver.

    I think many people reading this comment will say "Every device having it's own 4G/LTE modem and IPv6 address? It will never happen" and my God, I hope you're right that it never does.

    On the other hand, a refrigerator that texts me a reminder that I'm out of milk and eggs BEFORE I make it all the way home from a long day at work is very tempting...

    1. Charles 9

      Re: Airgap: Impossible

      "What about when the IoT is all about devices with their own built in 4G/LTE modems with its own IPv6 address? This is what worries me. I fear that there will come a day where all my appliances will be able to dial home irrespective of my WiFi set-up or outbound firewall rules. Personally, I may decide "To hell with the warranty" and open the device and remove or destroy the transceiver."

      And the moment you do, the appliance will either (1) stop working altogether, forcing you to replace it out of warranty (since opening the appliance to break the radio voided it), or (2) the device emits all sorts of annoying sounds so as to draw attention to it.

      Worse yet, this will likely become standard issue for all appliances in future. Maybe even require any appliance not broken up to be retrofitted before being resold, at which point we may well be on our way to either 1984 or the Stone Age, with no third option.

  17. Anonymous Coward
    Anonymous Coward

    Need to mandate an air-gap button

    I've thought for a while that Smart Things should have a hard internet-off switch, to electrically disconnect the antenna or WiFi processor.

    No faffing through layers of menus trying to find the correct off-function... which can anyway be overridden BlackBerry-style. Just a discoverable, external button so anyone, even an idiot, can be sure they have enforced an air gap. Like flight mode for laptops.

    This needs to be an legally-mandated standard for consumer goods. With a parallel requirement that goods must be able to carry out their core function without connection to the internet: the freezer can still freeze (exemption where core function IS comms, obvs).

    Particularly important for secondhand goods. I just want the fridge and washing machine in my rented house to work, not take incomprehensible actions for which I have no manual or password.

    1. Anonymous Coward
      Anonymous Coward

      Re: Need to mandate an air-gap button

      Nah, they'll mandate the opposite: that ALL home appliances MUST be able to phone home: ostnsibly for safety reasons (such as to report it's about to Halt and Catch Fire, for example). Top this with a law that says anyone NOT using this stuff is a terrorist out to destroy the world, and the Orwellian regime can finally happen.

  18. NotBob

    Already hacked, too

    Baby monitors have already made the news being hacked. Some of these systems give camera control over the internet. Some have talk-back capabilities. I don't want any of it near my family...

    http://www.cbsnews.com/news/baby-monitor-hacker-delivers-creepy-message-to-child/

    http://www.computerworld.com/article/2913356/cybercrime-hacking/2-more-wireless-baby-monitors-hacked-hackers-remotely-spied-on-babies-and-parents.html

  19. anonymous boring coward Silver badge

    Wouldn't the baby monitor typically communicate using radio waves? So it is already "air gapped", but not in any way that provides security.

    1. jake Silver badge

      @anonymous boring coward

      In your scenario, the radio is actually considered "wire".

      "Air Gapped" means a human has to be approved by system securty bods to physically transfer data between systems via removable storage. True air gapped systems have human physical "security with a clue" between "world" and "internal", and no wire.

      "Stuxnet", for example, was delivered by SneakerNet into systems without a clue about actual air gap security ... SneakerNet in this case being the wire, albeit a one-way connection[0]. A true air-gapped system would have never have allowed Stuxnet to propagate.

      [0] TTBOMK, anyway. Obviously, if you can get a thumb drive in, you can get it out again. Lax security is lax security, no matter how hard you squint at it.

      1. Charles 9

        Re: @anonymous boring coward

        ""Stuxnet", for example, was delivered by SneakerNet into systems without a clue about actual air gap security ... SneakerNet in this case being the wire, albeit a one-way connection[0]. A true air-gapped system would have never have allowed Stuxnet to propagate."

        The thing was, for something like was targeted by Stuxnet, true air-gapping was impossible as parameters have to be entered into the system to change its operation. In this case, it can be a complex set of instructions: too much for a human head to enter correctly, AND it's intolerant of input errors (unavoidable: the products in play are intolerant by nature). It's a necessary evil of a dynamic system; Stuxnet exploited the necessary evil. With something of state-level importance, few precautions can be considered too extreme since an enemy state will find and exploit the one you leave out.

        1. jake Silver badge

          @Charles 9 (was:Re: @anonymous boring coward

          That word "impossible". I don't think it means what you think it means.

          1. Charles 9

            Re: @Charles 9 (was:@anonymous boring coward

            If you can demonstrate someone who can memorize a complex PLC program in their head just by reading it from a screen, then going over to an isolated machine and keying in the same program, without mistake or means to verify there is no mistake, then I'll withdraw my claim.

            1. jake Silver badge

              Re: @Charles 9 (was:@anonymous boring coward

              I don't think you actually understand the issue at hand.

              1. Charles 9

                Re: @Charles 9 (was:@anonymous boring coward

                What's there to understand? Stuxnet relied on subverting a necessarily-complex program just enough so that it wasn't obvious at a glance yet was enough to cause expensive machinery to overload itself and break down. This program was passed around using the only viable transport medium available: USB sticks, as the programs are too complex for a human brain to remember reliably, and it would only take ONE of them, perhaps subverted at the hardware level a la BadUSB, to subvert the first machine, which in turn creates the changes that break the second machine.

                Looks to me like an intractable problem. How would you do it properly if the required medium of transport could've been subverted at the factory level, before you ever got your hands on it?

                And note, Stuxnet not only had State-level support, but also the assistance of the machine's manufacturer. It's like dealing with bribed guards.

                1. jake Silver badge

                  Re: @Charles 9 (was:@anonymous boring coward

                  I was correct. You don't understand the issue at hand. Perhaps if I put it succinctly:

                  ABSOLUTELY ZERO CODE THAT HASN'T BEEN VETTED BY REALSECURITY PROFESSIONALS SHOULD EVER BE ALLOWED ANYWHERE NEAR SCADA! EVER!

                  Clear enough?

                  1. Charles 9

                    Re: @Charles 9 (was:@anonymous boring coward

                    And I'M right. You don't see the REAL real issue, which goes beyond SCADA.

                    You're basically saying SCADA shouldn't exist since the REAL real security professionals would be in the government (the agents BEHIND Stuxnet), meaning they can be subverted. What man can make, man can UNmake.

                    DTA - Don't trust ANYONE.

                    1. jake Silver badge

                      Re: @Charles 9 (was:@anonymous boring coward

                      "You're basically saying SCADA shouldn't exist since the REAL real security professionals would be in the government"

                      Good lord. You really are hard of thinking, aren't you?

                      I am an individual. I have several systems controlled by SCADA[0] (winery, brewery, a couple of greenhouses, the water supply for all the above). They are NOT accessible from the outside world (or each other!), because I see to it that it is imposable.

                      [0] Out of curiosity, do you even understand what SCADA means, and how it works?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like