The discovery of vulnerabilities in industrial control devices is a relatively recent development, but it is hardly surprising. That technology was developed up to 40 years ago at a time when virus only meant catching a cold. For example, in August 2011, a research team composed of myself, Tiffany Rad and Teague Newman demonstrated at a DefCon Conference in Las Vegas that they could surreptitiously take control of programmable logic controllers (PLCs) in a correctional facility to open or close any door, while blocking the annunciation of any status changes at central control. This research was validated by Idaho National Laboratories. The detection of weaknesses in some ZigBee devices is one link in this long chain integrators should be aware of.
John J. Strauchs, MA, CPP, is Senior Principal of Strauchs LLC in Ashburn, Va., and formerly CEO of Systech Group Inc., a professional security and fire protection engineering firm. Earlier in his career, he was an operations officer with the U.S. Central Intelligence Agency (CIA).