We’ve seen a period of people doing a lot of reconnaissance of control systems. You see a lot of breaches of companies in the resources business – electric companies, oil and gas, chemical, and mining. That might sound alarming, but the breaches you are really seeing are not touching control systems at all.

The interesting thing about this is that the attacks are targeting very specific information in many of those environments. They have schematics of the control systems. So while they may not be actually touching the control systems, they’re interested in them.

When we think about trends, and what we might see in the future, at some point that information is going to get used, and most businesses that use large critical infrastructure equipment don’t do a particularly good job of segmenting off the enterprise cloud that has malware.

Source: https://www.thecipherbrief.com/article/tech/critical-infrastructure-and-scada-systems-1092

Photo via Sam Churchill