I figured that I would chime in here, since I've worked on these types of systems, and in this type of environment for nearly 30 years.

It is common to see these types of alerts for all kinds of HMI software, PLC's, and DCS's. They all have security vulnerabilities discovered, just like any software-based systems do. In the electric utility environment in the US, these systems fall under NERC CIP regulations. There will be someone at the utility tasked with keeping track of these alerts and making sure that systems are patched. For really old systems, they will be planning upgrades.

These Industrial Controls Systems (ICS) will be firewalled from the business networks, which will again be firewalled from the Internet. It is common to have a data historian pushing data out of the secured ICS network onto a system on the business networks. This allows managers, engineers, and anyone else who needs the data for analysis and reporting to do so without having to be inside the plant. These days it is common to have a mechanical engineer working on something from across the country through these historian systems.

The firewalled connection pushing the data out of the network may just be a connection between two servers over a particular TCP port that must be initiated from inside the ICS network as an example of the simplest, and probably the most common example. It is more common these days for the data to be pushed to a DMZ server, which then passes it to the business system, making it even more secure. It is also common to use a data diode, where there is only a fiber optic transmitter on the inside and a receiver on the outside, so you can't even physically pass a signal into the ICS network.

I'm not an expert in these particular Schneider systems, but the alert seems to be for HMI software used in the control room to operate the equipment. These systems would be on the firewalled ICS network and not exposed to the business network, so it is unlikely that someone would be able to access them from the company's business network, much less the Internet.

Security of these ICS networks is taken pretty seriously, and the visibility and attention to security have increased greatly in the last ten years. It certainly isn't as far along as it could be, but the ominous picture of cooling towers, which most people equate to nuclear plants, although they are common in large coal units as well, makes this look much worse than it probably is. I can assure you that there are none of these Schneider systems connected to the Internet controlling a nuclear reactor anywhere.

I'm not trying to paint a rosy picture here, merely suggesting that in all probability there will be some engineers patching some firewalled HMI systems in the coming weeks, while they continue to beef up the security at their plants, and not a nuclear meltdown as some script kiddie exploits this hole in a nuclear control system sitting on the Internet with this hole in it.

Indeed it was. I'll correct the correction. Thanks for the catch.

My father pointed out to me that the nuclear carriers can be a great help after humanitarian disasters as they can desalinate large quantities of water. I found an article about the Carl Vincent that says that it can desalinate 400,000 gallons of water a day. We stationed it off the coast of Haiti after the earthquakes there.

http://content.time.com/time/s...

Wow, imagine a Beowolf Cluster of these!

I have to agree. You can't build a system that isn't ever going to be hacked. You can build a system using the best available practices that is very difficult to hack and put the most effective system possible in place to detect hacking attempts as early as possible. To a large extent, it seems that they did a respectable job in both respects. I'm sure that they can make improvements and will learn lessons from this. They are a well capitalized company and it is absolutely vital that they maintain credibility in this respect. The value of their service diminishes greatly if it is not secure. They simply can't be seen as ineffective in this matter.

I am especially impressed that they obviously had an effective plan together to quickly update client applications in the event that something like this happened. They pushed out updates for IOS and Android very quickly. They even updated Penultimate which was only recently integrated into Evernote. It seems like they had their act together as far as that was concerned.

They obviously need to stay on top of this game. I'd like to see two factor authentication and better not encryption options. I have my concerns about using Evernote, but I am still a pretty heavy user with over 6000 notes. So far, the benefits outweigh the risks. From what I have learned about this incident so far, I don't think that my appraisal of the cost and benefit will tip the other way. I hope that it stays that way because we don't learn anything new about this incident that seems careless or irresponsible, and because they continue to develop the product and improve the security.