For example, in many cases anyone with logical access to a control system can upload firmware on it without authentication, he said. Passwords are often hardcoded into systems many have administrative backdoors, and very basic buffer overflow errors.

Often, "there is no security around write commands or turning things on and off, or changing a process. You want some control over what happens," Peterson said.

The problem is not an easy one to fix, Peterson added.

Major control systems do not get replaced for years. And even if they were replaced, the replacement systems are likely to be as vulnerable as their predecessors, he said.

"The real shame is that most vendors don't even have a secure system you can buy today. It's a problem that has had little progress," Peterson said.