The FAA is using Windows. I bet that is the case. All critical systems should be using a proprietary Unix system or at the least a customized Linux version. Using Windows is like saying her I am, come get me.

@diesel

Sure it "seems" like a logical step, but then someone with half a brain should have realized what a can or worms you open when you just hook things up to the internet.

I have no idea WHY parts of our core infrastructure are connected to the internet. I know they NEED to be connected together and that's fine, but why not a private, secure-ish, network for these industries. At least if have an attack you have limited your scope to very specific spots.

We created darpanet, we could do this just as easily.

If only Jack were here. He'd be able to recover the CIP device in 6 hrs!

Whos idea was to connect those machines to the internets anyway?

Its just a natue of things. Anywhere you're gonna have two or more offices remotely, they need to be networked with each other somehow, thats not to say they use the same internet as we know it, but any networked equipment is out there to be eventually stumbled upon.

Whos idea was to connect those machines to the internets anyway? Wait... maybe it's the same guys who think heart monitors should be browsing internets also.

Well nothing new there.
Hiring people that can stop you from bringing yoghurt on a plane is still far easier than finding people that can stop network attacks. Or paying them. Or finding bosses that give a rat's ass about it before planes start falling.

Intelligent people who understand the dangers don't get to positions where they can do something about it, or if they do, they aren't payed enough to stay there and do something about it.