Craig Wright is on the Board of Directors for GICSR (Global Institute for Cybersecurity + Research) and has ‘fact checked’ the ‘Fact Check’ article written by Scot Terban. See article here: FACT CHECK: SCADA Systems Are Online Now.
Of more interest to me than the fact checking, is the very common story I’ve seen of systems that were put in place by group of people, who’ve handed over the reins to someone else, who in turn have passed it on to another someone, and the knowledge of how the system actually works is gone.
I see this daily on a small scale and every now and again, it’s a not so small system that’s completely just flying on it’s own. No-one knows quite how it works, or even quite what it does.
The only way to reduce the risks inherent in these systems is to have good, clear documentation. Documentation that includes peoples names such as employees, contractors, suppliers, even competitors, that someone might be able to at least contact 10 years later and say “Hey, do you remember working on the xyz project? Would you be able to help us out here?”
Just a thought.