Who is responsible for fixing the thousands (some say 100,000) of vulnerabilities that exist in PLCs, DCS, RTUs and other automation devices that are in use in facilities around the world?
On the one hand, we have the position of Dale Peterson at Digital Bond. Dale ardently argues for (and takes) aggressive measures to pressure ICS vendors into making their products more secure. Through their 2012 Project Basecamp and subsequent disclosures, Digital Bond publicly released vulnerability details for a large number of controllers.
At the same time, they provided matching attack software, software that could cause serious operational failures at hundreds of critical infrastructure sites around the world. Are these disclosures effective and justified pressure tactics? Or are they irresponsible acts that could harm people, companies and economies?